WO2017065209A1 - Information processing system, information processing device, information processing method, and program - Google Patents

Publication number: WO2017065209A1
Authority: WO (WIPO, PCT)
Application number: PCT/JP2016/080351
Other languages: French (fr), Japanese (ja)
Inventors: 真吾 長谷川, 淳也 岩崎, 正夫 酒井, 大樹 高橋, 正幸 福光
Original assignee: 国立大学法人東北大学 (Tohoku University)
Application filed by 国立大学法人東北大学
Priority to JP2017545453A (granted as JP6567683B2)
Priority to EP16855462.4A (published as EP3364328A1)
Publication of WO2017065209A1
Priority to US15/954,011 (granted as US10574455B2)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C 1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption

Definitions

  • the present invention relates to an information processing system, an information processing apparatus, an information processing method, and a program.
  • An information processing system including a plurality of storage devices is known.
  • the information processing system described in Patent Document 1 generates N (N represents an integer of 2 or more) pieces of distributed data from secret data according to a secret sharing method, and stores the generated N pieces of distributed data in N storage devices.
  • a user who intends to illegally acquire the secret data cannot restore it without obtaining k (k represents an integer of 2 or more and smaller than N) of the N pieces of distributed data generated from the secret data.
  • the information processing system changes the storage device as the storage destination of N pieces of distributed data according to a predetermined method every time secret data is stored.
  • the information processing system stores information identifying the secret data in association with information specifying the storage destination of the distributed data, so that, when restoration of the secret data is requested, the storage destination of the distributed data to be used for the restoration can be specified based on the stored information.
  • such stored information may, however, be leaked to a user who intends to obtain the secret data illegally.
  • if the information processing system does not store the information identifying the secret data in association with the information specifying the storage destination of the distributed data, the processing load for specifying the storage destination of the distributed data to be used for the restoration is likely to increase when restoration of the secret data is requested.
  • One of the objects of the present invention is to reduce the processing load for specifying the storage destination of distributed data while suppressing the unauthorized acquisition of secret data.
  • the information processing system includes M (M represents an integer of 2 or more) storage devices, and further includes generating means, storage means, and restoring means.
  • the generating means generates N (N represents an integer of 2 or more and M or less) pieces of distributed data from the secret data according to a secret sharing method.
  • the storage means selects, from a plurality of different device groups respectively associated with a plurality of different time points, one device group associated with a time point included in a period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C storage devices (C represents an integer not less than N and not more than M) selected from the M storage devices, and stores the generated N pieces of distributed data in N storage devices included in the selected device group.
  • the restoring means executes a restoration process on one of the plurality of device groups, the restoration process requesting provision of data from each of at least some of the N storage devices included in the device group and restoring the secret data according to the secret sharing method from the provided data provided in response to the request, and, when the restoration fails, executes the restoration process on a device group, among the plurality of device groups, associated with a time point prior to the time point associated with the device group that caused the failure.
  • the information processing device is communicably connected to M (M represents an integer of 2 or more) storage devices, and includes generating means, storage means, and restoring means.
  • the generating means generates N (N represents an integer of 2 or more and M or less) pieces of distributed data from the secret data according to a secret sharing method.
  • the storage means selects, from a plurality of different device groups respectively associated with a plurality of different time points, one device group associated with a time point included in a period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C storage devices (C represents an integer not less than N and not more than M) selected from the M storage devices, and stores the generated N pieces of distributed data in N storage devices included in the selected device group.
  • the restoring means executes a restoration process on one of the plurality of device groups, the restoration process requesting provision of data from each of at least some of the N storage devices included in the device group and restoring the secret data according to the secret sharing method from the provided data provided in response to the request, and, when the restoration fails, executes the restoration process on a device group, among the plurality of device groups, associated with a time point prior to the time point associated with the device group that caused the failure.
  • the information processing method uses M (M represents an integer of 2 or more) storage devices.
  • in this method, N (N represents an integer of 2 or more and M or less) pieces of distributed data are generated from the secret data according to the secret sharing method.
  • one device group associated with a time point included in a period between the current time point and a time point a predetermined time before the current time point is selected from a plurality of different device groups respectively associated with a plurality of different time points, each of the plurality of device groups including C storage devices (C represents an integer not less than N and not more than M) selected from the M storage devices.
  • the generated N pieces of distributed data are respectively stored in N storage devices included in the selected device group.
  • a restoration process is executed on one of the plurality of device groups, the restoration process requesting provision of data from each of at least some of the N storage devices included in the device group and restoring the secret data according to the secret sharing method from the provided data provided in response to the request.
  • when the restoration fails, the restoration process is executed on a device group, among the plurality of device groups, associated with a time point prior to the time point associated with the device group that caused the failure.
  • the program causes an information processing device communicably connected to M (M represents an integer of 2 or more) storage devices to execute the following process.
  • in this process, N (N represents an integer of 2 or more and M or less) pieces of distributed data are generated from the secret data according to the secret sharing method.
  • one device group associated with a time point included in a period between the current time point and a time point a predetermined time before the current time point is selected from a plurality of different device groups respectively associated with a plurality of different time points, each of the plurality of device groups including C storage devices (C represents an integer not less than N and not more than M) selected from the M storage devices.
  • the generated N pieces of distributed data are respectively stored in N storage devices included in the selected device group.
  • a restoration process is executed on one of the plurality of device groups, the restoration process requesting provision of data from each of at least some of the N storage devices included in the device group and restoring the secret data according to the secret sharing method from the provided data provided in response to the request.
  • when the restoration fails, the restoration process is executed on a device group, among the plurality of device groups, associated with a time point prior to the time point associated with the device group that is the basis of the failure.
  • the information processing system 1 includes P (P represents an integer of 3 or more) information processing apparatuses 10-1, ..., 10-P that are communicably connected to each other via a communication network NW.
  • the communication network NW is an IP (Internet Protocol) network.
  • the information processing apparatus 10-p may be represented as the information processing apparatus 10 when it is not necessary to distinguish between them.
  • p represents each integer of 1 to P.
  • the information processing system 1 performs communication according to a P2P (Peer to Peer) method.
  • the information processing apparatus 10-p may be represented as a node 10-p.
  • the information processing device 10-p includes a processing device 11, a storage device 12, a communication device 13, an input device 14, and an output device 15, which are connected to each other via a bus BU.
  • the processing device 11 controls each element constituting the information processing device 10-p by executing a program stored in the storage device 12. As a result, the information processing apparatus 10-p realizes functions to be described later.
  • the processing apparatus 11 includes a CPU (Central Processing Unit).
  • the processing device 11 may include an MPU (Micro Processing Unit) or a DSP (Digital Signal Processor).
  • the storage device 12 stores information in a readable / writable manner.
  • the storage device 12 includes at least one of RAM (Random Access Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), semiconductor memory, and organic memory.
  • the storage device 12 may include a recording medium such as a flexible disk, an optical disk, a magneto-optical disk, and a semiconductor memory, and a reading device that can read information from the recording medium.
  • the communication device 13 communicates with another information processing device 10-q by wire or wireless.
  • q represents an integer of 1 to P different from p.
  • the communication device 13 performs, as the communication with the other information processing device 10-q, anonymous communication in which at least one of the transmission source and the transmission destination is concealed.
  • anonymous communication may be realized using a technology called Tor (The Onion Router) or I2P (The Invisible Internet Project).
  • Non-anonymous communication is communication in which both a transmission source and a transmission destination are disclosed.
  • the input device 14 inputs information from outside the information processing device 10-p.
  • the input device 14 includes a keyboard and a mouse.
  • the input device 14 may include a microphone or a camera.
  • the output device 15 outputs information to the outside of the information processing device 10-p.
  • the output device 15 includes a display.
  • the output device 15 may include a speaker.
  • the information processing apparatus 10-p may include a touch panel display that constitutes both the input device 14 and the output device 15.
  • the information processing apparatus 10-p has a function for operating as the user node 100 and a function for operating as the storage node 200.
  • the information processing apparatus 10-p operates in one state selected from the first state, the second state, and the third state.
  • the first state is a state in which the information processing apparatus 10-p operates as the user node 100 and the information processing apparatus 10-p does not operate as the storage node 200.
  • the second state is a state in which the information processing apparatus 10-p operates as the storage node 200 and the information processing apparatus 10-p does not operate as the user node 100.
  • the third state is a state in which the information processing apparatus 10-p operates as the user node 100 and the information processing apparatus 10-p also operates as the storage node 200.
  • the information processing apparatus 10-p operating as the user node 100 may be represented as the user node 100.
  • the information processing apparatus 10-p operating as the storage node 200 may be represented as the storage node 200. Note that at least some of the P information processing apparatuses 10-1, ..., 10-P may have only one of the function of the user node 100 and the function of the storage node 200.
  • the functions of the user node 100 include a user authentication reception unit 101, a user data storage request reception unit 102, a storage node list acquisition unit 103, a node group determination unit 104, a distributed data generation unit 105, a distributed data storage request transmission unit 106, a user data restoration request reception unit 107, a provision data acquisition unit 108, and a secret data restoration unit 109.
  • the distributed data generation unit 105 constitutes a generation unit.
  • the user data storage request reception unit 102, the storage node list acquisition unit 103, the node group determination unit 104, and the distributed data storage request transmission unit 106 constitute a storage unit.
  • the storage node list acquisition unit 103, the node group determination unit 104, the user data restoration request reception unit 107, the provision data acquisition unit 108, and the secret data restoration unit 109 constitute a restoration unit.
  • the user authentication receiving unit 101 receives user authentication information.
  • the user authentication receiving unit 101 receives input information input via the input device 14 by the user of the information processing apparatus 10-p as user authentication information.
  • the input information includes a user identifier for identifying the user (in other words, a user ID) and a character string as a password used for user authentication.
  • the user data storage request receiving unit 102 receives a user data storage request input by the user via the input device 14.
  • the user data storage request input by the user may be regarded as being associated with the input information input by the user.
  • the user data storage request includes user data and represents a request to store the user data.
  • the user data storage request receiving unit 102 encrypts user data included in the received user data storage request. Note that the user data storage request receiving unit 102 may not encrypt user data.
  • the storage node list acquisition unit 103 acquires a storage node list when a user data storage request is accepted.
  • the storage node list is information representing the storage nodes 200 among the P information processing apparatuses 10-1, ..., 10-P and the ranking given to each of those storage nodes 200.
  • equivalently, the storage node list is information representing the storage devices 12 included in the storage nodes 200 among the P information processing apparatuses 10-1, ..., 10-P and the ranks assigned to those storage devices 12.
  • the storage node list is information in which node identifiers (in other words, node IDs) for identifying the storage nodes 200 are arranged in order so that the rank decreases from the top to the end.
  • the storage node list constitutes device order information.
  • the storage node list is generated every time the list generation time comes.
  • the list generation time is the time when the storage node list is generated.
  • the list generation time is predetermined in the information processing system 1.
  • the P information processing apparatuses 10-1,..., 10-P share the list generation time.
  • the list generation time point is a time point that arrives every time a predetermined change time (for example, 1 minute) elapses from a reference time point (for example, January 1, 2015, 00:00:00).
  • the change time may vary.
  • At least one storage node 200 holds a plurality of different storage node lists respectively generated at a plurality of list generation points in association with the plurality of list generation points.
  • the storage node list includes time point information indicating a list generation time point when the storage node list is generated.
  • the storage node list is acquired as follows.
  • the storage node list acquisition unit 103 acquires the current time point when a user data storage request is accepted. Then, the storage node list acquisition unit 103 selects one list generation time point from among at least one list generation time point that is included in a predetermined selection period, out of the list generation time points predetermined in the information processing system 1.
  • the selection period is a period between the acquired current time point and a time point that is a predetermined time (for example, 5 minutes) before the current time point.
  • the storage node list acquisition unit 103 randomly selects one list generation time from among at least one list generation time included in the selection period.
  • the random selection is performed using a pseudo-random number.
  • the storage node list acquisition unit 103 transmits a storage node list request including time point information indicating the selected list generation time point to the storage node 200 that stores the storage node list.
  • the storage node list request represents requesting a storage node list.
  • the storage node list acquisition unit 103 receives (in other words, acquires) the storage node list transmitted by the storage node 200 in response to the storage node list request. As a result, the storage node list is acquired.
  • the distributed data generation unit 105 generates S pieces of distributed data, according to the secret sharing method, from the secret data that is the user data encrypted by the user data storage request receiving unit 102.
  • S represents an integer of 2 or more and M or less.
  • M represents the value P − 1 obtained by subtracting 1 from P.
  • M may represent a value equal to P.
  • the S pieces of distributed data generated from the user data constitute a first distributed data group.
  • the distributed data may be expressed as a share.
  • the secret sharing method is the Shamir secret sharing method described in Non-Patent Document 1 below.
  • the secret sharing method may be different from the Shamir secret sharing method.
  • the secret sharing method for user data can restore the secret data from t or more of the S pieces of distributed data, and cannot restore the secret data from fewer than t of the S pieces of distributed data. t represents an integer of 2 or more and smaller than S.
  • Non-Patent Document 1: A. Shamir, "How to share a secret", Communications of the ACM, Vol. 22, No. 11, pp. 612-613, 1979.
  • the node group determination unit 104 determines a node group for the first distributed data group generated from the user data based on the storage node list acquired by the storage node list acquisition unit 103 when a user data storage request is accepted.
  • the node group for the first distributed data group includes S storage nodes 200.
  • the determination of the node group for the first distributed data group is performed as follows.
  • the node group determination unit 104 randomly selects S node IDs from among the node IDs included in the storage node list acquired by the storage node list acquisition unit 103 when a user data storage request is received.
  • the node group determination unit 104 determines a node group including S storage nodes 200 respectively identified by the selected S node IDs as a node group for the first distributed data group. As a result, the node group for the first distributed data group is determined.
  • the distributed data storage request transmission unit 106 transmits a first distributed data storage request to each of the S storage nodes 200 included in the node group for the first distributed data group, which is determined by the node group determination unit 104 when the user data storage request is received.
  • the S first distributed data storage requests each include one of the S pieces of distributed data included in the first distributed data group generated by the distributed data generation unit 105.
  • each first distributed data storage request includes a first data identifier (in other words, a first data ID) that identifies the distributed data in the storage node 200 that is the storage destination, and represents a request to store the distributed data in the storage device 12.
  • the node group determination unit 104 generates metadata when the first distributed data storage request is transmitted by the distributed data storage request transmission unit 106.
  • the metadata includes information representing S storage nodes 200 (in other words, storage destinations) in which S pieces of distributed data generated from user data are stored.
  • the metadata further includes information used for decrypting the encrypted user data and a first data ID.
  • the node group determination unit 104 encrypts the generated metadata. Specifically, the node group determination unit 104 acquires the hash value, for a predetermined hash function, of the input information associated with the user data storage request that is the basis of the metadata, and encrypts the metadata using the acquired hash value according to a predetermined encryption method.
  • the hash function is a hash function called MD5, SHA-0, SHA-1, SHA-2, or SHA-3.
  • the encryption method is a common key encryption method such as 3-key Triple DES, AES, or Camellia.
  • DES is an abbreviation for Data Encryption Algorithm.
  • AES is an abbreviation for Advanced Encryption Standard. Note that the node group determination unit 104 may not encrypt the metadata.
  • the distributed data generation unit 105 generates N pieces of distributed data from the secret data that is the metadata encrypted by the node group determination unit 104 according to the secret sharing method.
  • N represents an integer of 2 or more and M or less.
  • N may represent a value equal to S or a value different from S.
  • N pieces of distributed data generated from the metadata constitute a second distributed data group.
  • the secret sharing method for metadata can restore the secret data from k or more of the N pieces of distributed data, and cannot restore the secret data from fewer than k of the N pieces of distributed data. k represents an integer of 2 or more and smaller than N.
  • the node group determination unit 104 determines a node group for the second distributed data group generated from the metadata based on the storage node list acquired by the storage node list acquisition unit 103 when a user data storage request is received.
  • a node group for the second distributed data group includes N storage nodes 200.
  • the determination of the node group for the second distributed data group is performed as follows.
  • the node group determination unit 104 selects N node IDs from the node IDs included in the storage node list, based on the storage node list acquired by the storage node list acquisition unit 103 when a user data storage request is received, a predetermined information rank relationship between the input information and N different ranks, and the input information associated with the user data storage request.
  • specifically, the node group determination unit 104 acquires N different ranks based on the input information associated with the user data storage request and the information rank relationship, and selects, from the node IDs included in the storage node list, the N node IDs respectively corresponding to the acquired N ranks.
  • the n-th rank among the N ranks is determined to be equal to the value obtained by adding 1 to the remainder when the hash value, for a predetermined hash function, of the information obtained by appending information representing n to the input information (the hash value being regarded as an integer) is divided by the number of storage nodes 200 included in the storage node list. n represents each integer of 1 to N.
  • the node group determination unit 104 determines a node group including N storage nodes 200 respectively identified by the selected N node IDs as a node group for the second distributed data group. As a result, the node group for the second distributed data group is determined.
  • the node group corresponds to a device group including N storage devices 12 included in the N storage nodes 200 included in the node group.
  • the node group for the second distributed data group determined by the node group determining unit 104 does not change when the storage node list and the input information do not change. Therefore, selection of the storage node list corresponds to selection of a node group for the second distributed data group.
  • the storage node list used for determining the node group for the second distributed data group is a storage node list associated with the list generation time indicated by the time information included in the storage node list request. Therefore, in this example, the selection of the list generation time point indicated by the time point information included in the storage node list request corresponds to the selection of the node group for the second distributed data group.
  • the distributed data storage request transmission unit 106 transmits a second distributed data storage request to each of the N storage nodes 200 included in the node group for the second distributed data group determined by the node group determination unit 104 when the user data storage request is received.
  • the N second distributed data storage requests each include one of the N pieces of distributed data that are generated by the distributed data generation unit 105 and constitute the second distributed data group. Further, each second distributed data storage request includes a second data identifier (in other words, a second data ID) for identifying the distributed data in the storage node 200 that is the storage destination, and represents a request to store the distributed data in the storage device 12.
  • the second data ID is a user ID included in the input information associated with the user data storage request that is the basis of the second distributed data group.
  • the user data restoration request accepting unit 107 accepts a user data restoration request input by the user via the input device 14.
  • the user data restoration request input by the user may be regarded as being associated with the input information input by the user.
  • the user data restoration request represents requesting restoration of user data.
  • the storage node list acquisition unit 103 acquires a storage node list when a user data restoration request is received.
  • the storage node list is acquired as follows.
  • the storage node list acquisition unit 103 acquires the current time when a user data restoration request is received. Then, the storage node list acquisition unit 103 selects a list generation time point closest to the acquired current time point from among list generation time points that are predetermined in the information processing system 1.
  • the storage node list acquisition unit 103 transmits a storage node list request including time point information indicating the selected list generation time point to the storage node 200 that stores the storage node list.
  • the storage node list acquisition unit 103 receives (in other words, acquires) the storage node list transmitted by the storage node 200 in response to the storage node list request. As a result, the storage node list is acquired.
  • the node group determination unit 104 determines a node group for the second distributed data group (the group generated from the metadata) based on the storage node list acquired by the storage node list acquisition unit 103 when a user data restoration request is received.
  • a node group for the second distributed data group includes N storage nodes 200.
  • the determination of the node group for the second distributed data group is performed in the same manner as when a user data storage request is accepted as follows.
  • the node group determination unit 104 selects N node IDs from the node IDs included in the storage node list, based on the storage node list acquired by the storage node list acquisition unit 103 when the user data restoration request is received, the information ranking relationship, and the input information associated with the user data restoration request.
  • the node group determination unit 104 determines a node group including N storage nodes 200 respectively identified by the selected N node IDs as a node group for the second distributed data group. As a result, the node group for the second distributed data group is determined.
  • the provided data acquisition unit 108 transmits N second distributed data provision requests to the N storage nodes 200 included in the node group for the second distributed data group determined by the node group determination unit 104 when the user data restoration request is received.
  • Each second distributed data provision request includes, as the second data ID, the user ID included in the input information associated with the user data restoration request, and represents a request for provision of the distributed data stored in the storage device 12.
  • the provided data acquisition unit 108 may instead transmit v second distributed data provision requests to only v of the N storage nodes 200 included in the node group for the second distributed data group, where v is an integer with k ≤ v < N.
  • the provided data acquisition unit 108 receives the provided data transmitted (in other words, provided) by the storage node 200 in response to the transmitted second distributed data provision request.
  • the provision data received in response to the second distributed data provision request constitutes a second provision data group.
  • the provision data acquisition unit 108 acquires the second provision data group.
  • the storage node 200 may not transmit the provision data in response to the second distributed data provision request. Therefore, the number of provision data constituting the second provision data group may be smaller than N.
  • the storage node 200 may transmit predetermined dummy data in response to the second distributed data provision request. Accordingly, the second provided data group may include data different from the distributed data that constitutes the second distributed data group.
  • the secret data restoration unit 109 restores the secret data from the distributed data that is the provision data constituting the second provision data group acquired by the provision data acquisition unit 108 according to the secret sharing method.
  • the storage node list acquisition unit 103 acquires the storage node list again when the secret data restoration unit 109 fails to restore the secret data for the second provided data group.
  • the storage node list is acquired as follows. If the restoration of the secret data for the second provided data group fails, the storage node list acquisition unit 103 acquires a list generation time point that is earlier, by the change time, than the list generation time point associated with the storage node list on which the failed restoration was based (in other words, the time point at which that storage node list was generated).
  • the storage node list acquisition unit 103 transmits a storage node list request including time point information indicating the acquired list generation time point to the storage node 200 holding the storage node list.
  • the storage node list acquisition unit 103 receives (in other words, acquires) the storage node list transmitted by the storage node 200 in response to the storage node list request. As a result, the storage node list is acquired.
  • the node group determination unit 104 determines the node group for the second distributed data group (the group generated from the metadata) based on the storage node list acquired by the storage node list acquisition unit 103 when the restoration of the secret data for the second provided data group fails.
  • the determination of the node group for the second distributed data group is performed in the same manner as when the user data storage request is accepted as described above.
  • the provided data acquisition unit 108 transmits N second distributed data provision requests to the N storage nodes 200 included in the node group for the second distributed data group determined by the node group determination unit 104 when the restoration of the secret data for the second provided data group fails.
  • the provision data acquisition unit 108 receives the provision data transmitted (in other words, provided) by the storage node 200 in response to the transmitted second distributed data provision request.
  • when the restoration of the secret data for the second provided data group succeeds, the secret data restoration unit 109 obtains the hash value, for the hash function used to encrypt the metadata, of the input information associated with the user data restoration request. The secret data restoration unit 109 then decrypts the metadata, which is the restored secret data, using the acquired hash value and the decryption method corresponding to the encryption method.
  • the provided data acquisition unit 108 transmits S first distributed data provision requests to the S storage nodes 200 that respectively store the S pieces of distributed data generated from the user data, as represented by the metadata decrypted by the secret data restoration unit 109.
  • Each first distributed data provision request includes a first data ID represented by the decrypted metadata, and represents a request for provision of the distributed data stored in the storage device 12.
  • the provided data acquisition unit 108 may instead transmit first distributed data provision requests to only u of the S storage nodes 200 represented by the decrypted metadata, where u is an integer with t ≤ u < S.
  • the provided data acquisition unit 108 receives the provided data transmitted (in other words, provided) by the storage node 200 in response to the transmitted first distributed data provision request.
  • the provision data received in response to the first distributed data provision request constitutes a first provision data group.
  • the provision data acquisition unit 108 acquires the first provision data group.
  • the storage node 200 may not transmit the provision data in response to the first distributed data provision request. Therefore, the number of provision data constituting the first provision data group may be smaller than S.
  • the storage node 200 may transmit predetermined dummy data in response to the first distributed data provision request. Therefore, the first provided data group may include data different from the distributed data constituting the first distributed data group.
  • the secret data restoration unit 109 restores the secret data from the distributed data that is the provision data constituting the first provision data group acquired by the provision data acquisition unit 108 according to the secret sharing method.
  • when the restoration of the secret data for the first provided data group succeeds, the secret data restoration unit 109 decrypts the user data, which is the restored secret data, based on the information represented by the decrypted metadata that is used to decrypt the encrypted user data.
  • the function of the storage node 200 includes a storage request processing unit 201, a distributed data storage unit 202, a provision request processing unit 203, an operation notification processing unit 204, and an operation notification storage unit 205.
  • the storage request processing unit 201 receives a first distributed data storage request or a second distributed data storage request from the user node 100.
  • the storage request processing unit 201 stores the first data ID and the distributed data included in the first distributed data storage request in the distributed data storage unit 202 in association with each other. As a result, the distributed data storage unit 202 holds the distributed data in association with the first data ID.
  • the storage request processing unit 201 stores the second data ID and the distributed data included in the second distributed data storage request in the distributed data storage unit 202 in association with each other.
  • the distributed data storage unit 202 holds the distributed data in association with the second data ID.
  • the provision request processing unit 203 receives a first distributed data provision request or a second distributed data provision request from the user node 100.
  • when a first distributed data provision request is received, the provision request processing unit 203 transmits the distributed data held in the distributed data storage unit 202 in association with the first data ID included in that request to the user node 100 that is the transmission source of the request.
  • if the distributed data storage unit 202 does not hold distributed data associated with the first data ID included in the first distributed data provision request, the provision request processing unit 203 transmits no data to the user node 100 that is the transmission source of the request. In this case, it may transmit to that user node 100 a notification indicating that it does not hold the distributed data corresponding to the request, or it may transmit predetermined dummy data.
  • when a second distributed data provision request is received, the provision request processing unit 203 transmits the distributed data held in the distributed data storage unit 202 in association with the second data ID included in that request to the user node 100 that is the transmission source of the request.
  • if the distributed data storage unit 202 does not hold distributed data associated with the second data ID included in the second distributed data provision request, the provision request processing unit 203 transmits no data to the user node 100 that is the transmission source of the request. In this case, it may transmit to that user node 100 a notification indicating that it does not hold the distributed data corresponding to the request, or it may transmit predetermined dummy data.
  • the operation notification processing unit 204 transmits an operation notification to each of the other information processing apparatuses 10-q every time a predetermined notification cycle elapses.
  • the operation notification is stored in the operation notification storage unit 205 in association with the time when the operation notification is transmitted.
  • the information processing system 1 sets each of at least one storage node 200 as a list generation node. Each list generation node generates a candidate for the storage node list (a storage node list candidate).
  • the storage node list candidate includes the electronic signature of the list generation node that generated the storage node list candidate.
  • Each list generation node transmits the generated storage node list candidate to each of the other information processing apparatuses 10-q.
  • Each of the information processing apparatuses 10-q that have received the storage node list candidate verifies whether or not the storage node list candidate is authentic. For example, whether or not the storage node list candidate is authentic may be verified by an electronic signature included in the storage node list candidate.
  • Each of the information processing apparatuses 10-q that have received the storage node list candidate approves the storage node list candidate when the storage node list candidate is authentic.
  • the information processing system 1 selects, based on the approval results, one storage node list candidate as the storage node list from among the storage node list candidates generated at that list generation time. For example, the information processing system 1 may select as the storage node list the earliest storage node list candidate for which the number of information processing apparatuses 10 that approved it as authentic reaches a majority of the total number of information processing apparatuses 10 in the information processing system 1. The list generation node that generated the selected storage node list may differ from one list generation time to the next.
  • the storage node list is shared between the storage nodes 200 by being transmitted and received between the information processing apparatuses 10. For example, the storage node 200 that has received the storage node list holds the storage node list. Note that the storage node 200 may not hold the storage node list.
  • the storage node list includes time point information indicating a list generation time point when the storage node list is generated.
  • the fact that the storage node list includes time point information indicating the list generation time when the storage node list is generated is an example of the storage node list being associated with the list generation time.
  • the operation notification includes a node ID for identifying the information processing apparatus 10-p and represents that the information processing apparatus 10-p is operating as the storage node 200.
  • the operation notification may include time point information indicating the time point when the information processing apparatus 10-p starts the operation as the storage node 200.
  • the operation notification may include an electronic signature of the information processing apparatus 10-p.
  • the operation notification processing unit 204 receives the operation notification transmitted by another information processing apparatus 10-q and stores it in the operation notification storage unit 205 in association with the time point at which it was received. The operation notification storage unit 205 thereby holds each operation notification in association with the time at which it was received.
  • the operation notification storage unit 205 deletes (in other words, stops holding) any held operation notification whose associated time is earlier than the time one notification cycle before the current time.
  • the operation notification held in the operation notification storage unit 205 of a storage node 200 may be shared with at least one other storage node 200. At least one of operation notification sharing, storage node list candidate generation, and storage node list sharing may be realized using the technique called a blockchain described in Non-Patent Document 2 below. The selection of a storage node list from the storage node list candidates at each list generation time point may be realized using the technique called proof-of-work described in Non-Patent Document 2 below.
  • the transmission destination of the operation notification transmitted by the operation notification processing unit 204 may be selected from the plurality of storage nodes 200 sharing the operation notification.
  • Non-Patent Document 2: Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 2008, [retrieved October 2, 2015], Internet <URL: https://bitcoin.org/bitcoin.pdf>
  • the storage node list generation unit 206 generates a storage node list candidate based on the operation notifications held in the operation notification storage unit 205 every time a list generation time comes.
  • the storage node list storage unit 207 stores the selected storage node list every time the storage node list is selected.
  • the storage node list includes time point information indicating the list generation time point when the storage node list is generated.
  • the storage node list storage unit 207 may store the storage node list and the list generation time when the storage node list is generated in association with each other.
  • generation of storage node list candidates is performed as follows so that a plurality of storage node list candidates generated at a plurality of different list generation times are different from each other.
  • the storage node list generation unit 206 assigns a randomly determined order to each of the storage nodes 200 identified by the node IDs included in the operation notifications held in the operation notification storage unit 205. In this example, the random determination uses a pseudo-random number.
  • the storage node list generation unit 206 generates, as the storage node list candidate, information in which the node IDs included in the held operation notifications are arranged according to the assigned order. As a result, a storage node list candidate is generated.
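The notification, candidate-generation and majority-selection steps above, worked through in Python as an added example (this is not the patent's code or the applicant's implementation). Assumptions: HMAC-SHA256 with a per-node key stands in for the electronic signature, the notification cycle is 60 seconds, and all node IDs, keys and times are constructed sample data. The round simulates one silent node dropping off the list, one spoofed notification, one candidate altered after signing, and two apparatuses that do not answer the approval round.

```python
"""Added example, not the patent's code: operation notifications that expire
after one notification cycle, storage node list candidates in a PRNG-chosen
order, approval by signature check and majority selection. HMAC with a
per-node key stands in for the electronic signature (assumption); node IDs,
keys and times below are constructed sample data."""
import hashlib
import hmac
import random

NOTIFICATION_CYCLE = 60.0  # seconds (assumed value)
NODE_KEYS = {f"node-{i}": f"key-{i}".encode() for i in range(2, 7)}  # apparatuses 10-2 .. 10-6


def sign(node_id, payload):
    return hmac.new(NODE_KEYS[node_id], payload, hashlib.sha256).hexdigest()


def verify(node_id, payload, sig):
    return node_id in NODE_KEYS and hmac.compare_digest(sign(node_id, payload), sig)


def make_notification(node_id, start_time):
    """Operation notification: node ID, time the node started as a storage node, signature."""
    n = {"node_id": node_id, "start": start_time}
    n["sig"] = sign(node_id, f"{node_id}|{start_time}".encode())
    return n


class OperationNotificationStore:
    """Operation notification storage unit 205: time of the last authentic
    notification per node; stale entries are dropped by expire()."""

    def __init__(self):
        self.received_at = {}

    def receive(self, n, now):
        if not verify(n["node_id"], f"{n['node_id']}|{n['start']}".encode(), n["sig"]):
            return False  # not authentic: ignored
        self.received_at[n["node_id"]] = now
        return True

    def expire(self, now):
        cutoff = now - NOTIFICATION_CYCLE
        self.received_at = {k: t for k, t in self.received_at.items() if t >= cutoff}

    def live_nodes(self):
        return sorted(self.received_at)


def candidate_payload(c):
    return f"{c['time']}|{','.join(c['nodes'])}".encode()


def generate_candidate(generator, live_nodes, list_time, seed):
    """Storage node list generation unit 206: node IDs in a pseudo-random order,
    so candidates made at different list generation times differ."""
    rng = random.Random(seed)
    c = {"generator": generator, "time": list_time,
         "nodes": sorted(live_nodes, key=lambda _: rng.random())}
    c["sig"] = sign(generator, candidate_payload(c))
    return c


def approve(c):
    """Each receiving apparatus approves a candidate iff its signature verifies."""
    return verify(c["generator"], candidate_payload(c), c["sig"])


def select_storage_node_list(candidates, responders, total):
    """Earliest candidate (arrival order) approved by a majority of all apparatuses;
    apparatuses that do not answer count as not approving."""
    for c in candidates:
        if sum(1 for _ in responders if approve(c)) * 2 > total:
            return c
    return None


def run_round(now=1000.0, list_time=1000):
    store = OperationNotificationStore()
    for i, node in enumerate(sorted(NODE_KEYS)):
        store.receive(make_notification(node, 900.0), now - 10 * i)
    spoofed = make_notification("node-3", 900.0)
    spoofed["node_id"] = "node-99"                      # sender changed after signing
    rejected = not store.receive(spoofed, now)
    store.received_at["node-6"] = now - NOTIFICATION_CYCLE - 1   # node-6 went silent
    store.expire(now)
    live = store.live_nodes()
    honest = [generate_candidate("node-2", live, list_time, seed=1),
              generate_candidate("node-3", live, list_time, seed=2)]
    tampered = dict(honest[0], nodes=honest[0]["nodes"] + ["node-99"])  # altered in transit
    responders = ["node-2", "node-3", "node-4"]         # node-5 and node-6 do not answer
    chosen = select_storage_node_list([tampered] + honest, responders, len(NODE_KEYS))
    return {"rejected": rejected, "live": live, "chosen": chosen}
```

`run_round()` returns the four live nodes (node-6 has aged out), rejects the spoofed notification, and selects node-2's candidate even though the tampered copy arrived first, because the tampered copy fails every apparatus's signature check. The majority is counted against the total number of apparatuses, not against the number that answered, so with only two responders out of five no candidate is selected and the previous list stays in force.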
  • the transmission destination of the storage node list request transmitted by the storage node list acquisition unit 103 may be selected from a plurality of storage nodes 200 sharing the storage node list.
  • the storage node list request processing unit 208 receives a storage node list request from the user node 100.
  • the storage node list request processing unit 208 transmits the storage node list held in the storage node list storage unit 207 that includes the time point information included in the storage node list request to the user node 100 that is the transmission source of the storage node list request.
  • the information processing apparatus 10-1 may be represented as a user node 10-1.
  • the information processing apparatuses 10-2, ..., 10-P may be represented as storage nodes 10-2, ..., 10-P.
  • the information processing apparatuses 10-2, ..., 10-P may be represented as list generation nodes 10-2, ..., 10-P.
  • Each of the storage nodes 10-2, ..., 10-P transmits an operation notification to each of the other information processing apparatuses 10-q every time the notification cycle elapses, and stores the transmitted operation notification in the storage device 12 in association with the time at which it was transmitted.
  • the storage node 200 receives the operation notification transmitted by each of the storage nodes 10-2,..., 10-P, and associates the received operation notification with the time when the operation notification is received in the storage device 12.
  • Each of the list generation nodes 10-2,..., 10-P generates a storage node list candidate based on the held operation notification every time the list generation time comes.
  • Each of the list generation nodes 10-2, ..., 10-P transmits the generated storage node list candidate to each of the other information processing apparatuses 10-q.
  • the information processing system 1 selects one storage node list candidate as a storage node list from the storage node list candidates.
  • the storage node 200 stores the selected storage node list in the storage device 12.
  • the user node 10-1 executes the processing represented by the flowchart in FIG. 5 as follows.
  • the user node 10-1 receives the input information as user authentication information (step S101 in FIG. 5).
  • the user node 10-1 waits until a user data storage request is accepted (“No” route in step S102 in FIG. 5).
  • When a user data storage request is input by the user of the user node 10-1, the user node 10-1 accepts it. The user node 10-1 therefore determines "Yes" and selects a list generation time (step S103 in FIG. 5).
  • the user node 10-1 acquires the current time point and randomly selects one list generation time point from the at least one list generation time point, among those predetermined in the information processing system 1, that falls within the selection period.
  • the selection period is the period between the acquired current time point and the time point a predetermined time (for example, 5 minutes) before it.
  • the user node 10-1 transmits a storage node list request including time point information indicating the selected list generation time point to each of at least one storage node 200 (step S104 in FIG. 5).
  • the user node 10-1 waits until it receives the storage node list from the storage node 200 (“No” route in step S105 in FIG. 5).
  • the storage node 200 receives the storage node list request from the user node 10-1.
  • the storage node 200 transmits to the user node 10-1 the storage node list that is stored and includes the time point information included in the received storage node list request.
  • the user node 10-1 receives at least one storage node list from the storage node 200.
  • the user node 10-1 verifies whether each received storage node list is authentic, selects a storage node list that is authentic and not falsified, and holds the selected storage node list. The user node 10-1 therefore determines "Yes" and generates a first distributed data group for the user data included in the accepted user data storage request (step S106 in FIG. 5).
  • the user node 10-1 encrypts the user data included in the accepted user data storage request and, from the secret data that is the encrypted user data, generates a first distributed data group composed of S pieces of distributed data according to the secret sharing method.
  • the user node 10-1 determines a node group for the generated first distributed data group based on the storage node list (step S107 in FIG. 5).
  • the user node 10-1 randomly selects S node IDs from the node IDs included in the storage node list, and determines a node group including the S storage nodes 200 identified by the selected S node IDs as the node group for the first distributed data group.
  • the user node 10-1 transmits the S first distributed data storage requests to the S storage nodes 200 included in the determined node group for the first distributed data group (step S108 in FIG. 5).
  • the S first distributed data storage requests include S pieces of distributed data constituting the generated first distributed data group. Further, each first distributed data storage request includes a first data ID for identifying the distributed data in the storage node 200 that is the storage destination.
  • Each of the S storage nodes 200 included in the node group for the first distributed data group receives the first distributed data storage request from the user node 10-1, and the distributed data included in the received first distributed data storage request The data and the first data ID are associated with each other and stored in the storage device 12.
  • the user node 10-1 generates metadata for the stored user data. The metadata includes information representing the S storage nodes 200 that respectively store the S pieces of distributed data constituting the first distributed data group, the information used for decrypting the encrypted user data, and the first data IDs.
  • the user node 10-1 generates a second distributed data group for the generated metadata (step S110 in FIG. 5).
  • the user node 10-1 acquires the hash value, for the hash function, of the input information received in step S101 of FIG. 5, and encrypts the metadata according to the encryption method using the acquired hash value. The user node 10-1 then generates a second distributed data group composed of N pieces of distributed data from the secret data that is the encrypted metadata, according to the secret sharing method.
  • the user node 10-1 determines a node group for the generated second distributed data group based on the storage node list (step S111 in FIG. 5).
  • the user node 10-1 selects N node IDs from the node IDs included in the storage node list, based on the storage node list held in step S105 of FIG. 5, the information ranking relationship, and the input information received in step S101 of FIG. 5, and determines a node group including the N storage nodes 200 respectively identified by the selected N node IDs as the node group for the second distributed data group.
  • the user node 10-1 transmits N second distributed data storage requests to the N storage nodes 200 included in the determined node group for the second distributed data group, respectively (step of FIG. 5).
  • the N second distributed data storage requests respectively include the N pieces of distributed data constituting the generated second distributed data group.
  • each second distributed data storage request includes a second data ID for identifying the distributed data in the storage node 200 that is the storage destination.
  • Each of the N storage nodes 200 included in the node group for the second distributed data group receives the second distributed data storage request from the user node 10-1, and the distributed data included in the received second distributed data storage request The data and the second data ID are associated with each other and stored in the storage device 12. Then, the user node 10-1 ends the process of FIG.
  • the user node 10-1 executes the process represented by the flowchart in FIG. 6 as follows.
  • the user node 10-1 accepts the input information as user authentication information as in step S101 in FIG. 5 (step S201 in FIG. 6).
  • the user node 10-1 waits until a user data restoration request is accepted (“No” route in step S202 in FIG. 6).
  • When a user data restoration request is input by the user of the user node 10-1, the user node 10-1 accepts it. The user node 10-1 therefore determines "Yes" and selects a list generation time (step S203 in FIG. 6).
  • the user node 10-1 acquires the current time point, and selects the list generation time point closest to the acquired current time point from the list generation time points that are predetermined in the information processing system 1.
  • the user node 10-1 transmits a storage node list request including time point information indicating the selected list generation time point to each of at least one storage node 200 (step S204 in FIG. 6).
  • the user node 10-1 waits until it receives the storage node list from the storage node 200 (“No” route in step S205 in FIG. 6).
  • the storage node 200 receives the storage node list request from the user node 10-1.
  • the storage node 200 transmits to the user node 10-1 the storage node list that is stored and includes the time point information included in the received storage node list request.
  • the user node 10-1 receives at least one storage node list from the storage node 200.
  • the user node 10-1 verifies whether each received storage node list is authentic, selects a storage node list that is authentic and not falsified, and holds the selected storage node list. The user node 10-1 therefore determines "Yes" and determines a node group for the second distributed data group based on the storage node list, as in step S111 of FIG. 5 (step S206 in FIG. 6).
  • the user node 10-1 selects N node IDs from the node IDs included in the storage node list, based on the storage node list held in step S205 of FIG. 6, the information ranking relationship, and the input information received in step S201 of FIG. 6, and determines a node group including the N storage nodes 200 respectively identified by the selected N node IDs as the node group for the second distributed data group.
  • the user node 10-1 transmits N second distributed data provision requests to the N storage nodes 200 included in the determined node group for the second distributed data group, respectively (step S207 in FIG. 6).
  • Each second distributed data provision request includes the user ID included in the input information received in step S201 of FIG. 6 as the second data ID.
  • Each of the N storage nodes 200 included in the node group for the second distributed data group receives the second distributed data provision request from the user node 10-1 and determines whether the distributed data associated with the second data ID included in the received request is held in the storage device 12.
  • Each of the N storage nodes 200 included in the node group for the second distributed data group transmits the distributed data to the user node 10-1 if it holds the distributed data in the storage device 12, and transmits dummy data to the user node 10-1 if it does not.
  • the user node 10-1 receives the provision data transmitted by the storage node 200 in response to the second distributed data provision request transmitted in step S207 of FIG. 6 (step S208 of FIG. 6).
  • the provision data received in response to the second distributed data provision request constitutes a second provision data group.
  • the user node 10-1 restores metadata, which is secret data, according to the secret sharing method from the distributed data, which is the provided data constituting the received second provided data group (step S209 in FIG. 6).
  • the user node 10-1 determines whether the metadata restoration in step S209 of FIG. 6 succeeded (step S210 in FIG. 6). If the restoration of the metadata failed, the user node 10-1 determines "No" and acquires a list generation time point that is earlier, by the change time, than the list generation time point indicated by the time point information included in the latest storage node list request transmitted in step S204 of FIG. 6 (in other words, than the list generation time point associated with the storage node list on which the failed metadata restoration was based) (step S211 in FIG. 6).
  • the user node 10-1 transmits a storage node list request including time point information representing the list generation time point acquired in step S211 of FIG. 6 to each of at least one storage node 200 (step S204 in FIG. 6). The user node 10-1 then executes the processing from step S205 to step S210 of FIG. 6 as described above.
  • the user node 10-1 repeatedly executes the processing from step S204 to step S211 in FIG. 6 until the restoration of the metadata is successful in step S209 in FIG.
  • the process from step S204 to step S209 in FIG. 6 may be represented as a restoration process.
  • If the metadata is successfully restored in step S209 in FIG. 6, the user node 10-1 determines “Yes” in step S210 in FIG. 6 and acquires the hash value, for the hash function used to encrypt the metadata, of the input information received in step S201 in FIG. 6.
  • the user node 10-1 decrypts the restored metadata according to the decryption method corresponding to the encryption method used for encrypting the metadata, using the acquired hash value.
  • Each first distributed data provision request includes a first data ID included in the decrypted metadata.
  • Each of the S storage nodes 200 represented by the decrypted metadata receives the first distributed data provision request from the user node 10-1 and determines whether or not the distributed data associated with the first data ID included in the received first distributed data provision request is held in the storage device 12.
  • each of the S storage nodes 200 represented by the decrypted metadata transmits the distributed data to the user node 10-1 when the distributed data is held in the storage device 12, and transmits dummy data to the user node 10-1 when the distributed data is not held in the storage device 12.
  • the user node 10-1 receives the provision data transmitted by the storage node 200 in response to the first distributed data provision request transmitted in step S212 in FIG. 6 (step S213 in FIG. 6).
  • the provision data received in response to the first distributed data provision request constitutes a first provision data group.
  • the user node 10-1 restores the user data, which is secret data, from the distributed data, which is the provided data constituting the first provided data group, according to the secret sharing method (step S214 in FIG. 6). Then, the user node 10-1 decrypts the restored user data based on the information used for decrypting the encrypted user data represented by the decrypted metadata. Then, the user node 10-1 ends the process of FIG.
  • the information processing system 1 selects, from among a plurality of different device groups respectively associated with a plurality of different time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point.
  • Each of the plurality of device groups includes C storage devices 12 selected from the M storage devices 12 (C represents an integer not less than N and not more than M; in this example, C is equal to N).
  • the information processing system 1 stores the generated N pieces of distributed data in the N storage devices 12 included in the selected device group.
  • the information processing system 1 executes a restoration process for one of the plurality of device groups.
  • In the restoration process, distributed data is requested from each of at least some of the N storage devices 12 included in the device group, and the secret data is restored, according to the secret sharing method, from the provision data provided in response to the request.
  • When the restoration fails, the information processing system 1 executes the restoration process for the device group associated with the time point before the time point associated with the device group that is the basis of the failure, among the plurality of device groups.
  • the device group selected changes with the passage of time.
  • the storage device 12 in which the distributed data is stored changes with time.
  • the information processing system 1 does not store the information (the second data ID in this example) for identifying the secret data (the metadata in this example) and the information for specifying the storage destination of the distributed data in association with each other. Therefore, it is possible to reduce the probability that a user who intends to illegally acquire the secret data specifies the storage destination of the distributed data used for restoring the secret data. Therefore, it is possible to prevent the secret data from being illegally acquired.
  • When the restoration fails, the information processing system 1 performs the restoration process for the device group associated with the time point before the time point associated with the device group that is the basis of the failure. Therefore, when the restoration of the secret data fails, the probability that the restoration of the secret data succeeds is higher than when the restoration process is executed on a randomly selected device group. As a result, when the restoration of the secret data is requested, the processing load for specifying the storage destination of the distributed data used for restoring the secret data can be suppressed.
  • As the time from when the secret data is stored until the restoration of the secret data is requested becomes shorter, the number of device group candidates that may have been used for storing the secret data decreases. Therefore, the shorter that time is, the shorter the time required for the information processing system 1 to specify the storage destination of the distributed data used for restoring the secret data. As a result, user convenience can be improved.
  • the information processing system 1 receives a save request in association with input information input by the user, and when the save request is accepted, sets the plurality of device groups based on the input information associated with the save request.
  • the information processing system 1 accepts a restoration request in association with input information input by the user, and when the restoration request is accepted, sets the plurality of device groups based on the input information associated with the restoration request.
  • Accordingly, when the save request and the restoration request are associated with the same input information, the information processing system 1 sets a device group common to the two cases. Therefore, it is possible to reduce the probability that secret data stored in response to a request from a user is restored in response to a request from a user different from that user.
  • the metadata, as the secret data, is data containing information representing the plurality of storage devices 12 each storing one of a plurality of distributed data generated according to the secret sharing method from the user data as the secret data.
  • storage destinations of information for specifying storage destinations of a plurality of distributed data generated from user data are distributed to the plurality of storage devices 12. Therefore, it is possible to reduce the probability that the storage destinations of a plurality of distributed data generated from user data are specified. Therefore, unauthorized acquisition of user data can be suppressed.
  • the size of the metadata may be a predetermined value (for example, 1 megabyte, 10 megabytes, or 10 megabytes).
  • the size of the dummy data transmitted in response to the second distributed data provision request is equal to the size of the metadata. According to this, it is possible to prevent the user node 100 from determining whether the provided data is distributed data or dummy data based on the size of the provided data received in response to the second distributed data provision request.
  • the user data may include a plurality of data blocks.
  • the data block is a file.
  • the metadata may include information for identifying each data block (for example, the name of the data block, the date and time when the data block was created, or the date and time when the data block was updated).
  • the user node 100 may output a list of data blocks included in the user data via the output device 15 based on information included in the metadata.
  • the user node 100 may receive information for identifying the data block input by the user of the user node 100 via the input device 14 and selected by the user.
  • the user node 100 may request the storage node 200 for distributed data for the data block identified by the received information.
  • the information processing system 1 may use the user authentication information as a user data restoration request. In this case, the process of step S202 of FIG. 6 may be omitted.
  • the user data restoration request includes period information indicating a period.
  • the period information includes a time point when the period starts and a time point when the period ends.
  • the period information may include one of the time point when the period starts and the time point when the period ends, together with the length of the period.
  • the user of the user node 100 inputs a user data restoration request including period information indicating a period including the time point when the user data storage request is input.
  • When the user data restoration request is accepted, the storage node list acquisition unit 103 selects, from among the list generation time points predetermined in the information processing system 1, the latest list generation time point included in the period represented by the period information included in the user data restoration request.
  • When the period information does not include time point information indicating the time point when the period starts, the storage node list acquisition unit 103 may use the oldest of the list generation time points associated with the storage node lists held by the storage node 200 as the time point when the period represented by the period information starts.
  • Similarly, the storage node list acquisition unit 103 may use the latest of the list generation time points associated with the storage node lists held by the storage node 200 as the time point when the period represented by the period information ends.
  • the storage node list acquisition unit 103 transmits a storage node list request including time point information indicating the selected list generation time point to the storage node 200 that stores the storage node list.
  • the storage node list acquisition unit 103 receives (in other words, acquires) the storage node list transmitted by the storage node 200 in response to the storage node list request.
  • When the restoration of the metadata fails, the storage node list acquisition unit 103 acquires the list generation time point preceding the list generation time point associated with the storage node list that is the basis of the failure (in other words, the time point at which the storage node list was previously changed).
  • the storage node list acquisition unit 103 determines whether or not the acquired list generation time point is included in the period represented by the period information included in the user data restoration request that is the basis of the second provided data group.
  • When the acquired list generation time point is included in the period, the storage node list acquisition unit 103 sends a storage node list request including time point information indicating the acquired list generation time point to the storage node 200 holding the storage node list.
  • the storage node list acquisition unit 103 receives (in other words, acquires) the storage node list transmitted by the storage node 200 in response to the storage node list request.
  • When the acquired list generation time point is not included in the period, the storage node list acquisition unit 103 ends the process of acquiring the storage node list.
  • the user node 100 ends the process of acquiring user data.
  • the user node 100 may output information indicating that the process has ended via the output device 15.
  • the information may include information indicating that acquisition of the storage node list has failed.
  • the information may include information indicating that acquisition of user data has failed.
  • the information processing system 1 according to the first modification of the first embodiment can achieve the same operations and effects as the information processing system 1 according to the first embodiment. Furthermore, the information processing system 1 according to the first modification of the first embodiment receives period information that is input by a user and that represents a period. Furthermore, the information processing system 1 limits the device group to be subjected to the restoration process to a device group associated with a time point included in the period represented by the accepted period information, among the plurality of device groups.
  • the node group determination unit 104 determines the node group for the second distributed data group as follows.
  • the node group determination unit 104 selects, from among a plurality of different information rank relationships respectively associated with a plurality of different list generation time points, the information rank relationship associated with the list generation time point associated with the acquired storage node list.
  • Each information rank relationship is a predetermined relationship between input information and N different ranks.
  • the n-th rank among the N ranks is determined to be equal to the value obtained by adding 1 to the remainder when the hash value, for a predetermined hash function whose hash value is an integer, of the information obtained by adding to the input information information representing n and time point information representing the list generation time point associated with the information rank relationship is divided by the number of storage nodes 200 included in the storage node list.
  • n represents each integer of 1 to N.
  • the node group determination unit 104 selects N node IDs from the node IDs included in the acquired storage node list, based on the acquired storage node list, the selected information rank relationship, and the input information associated with the user data storage request or the user data restoration request.
  • the node group determination unit 104 determines a node group including N storage nodes 200 respectively identified by the selected N node IDs as a node group for the second distributed data group. As a result, the node group for the second distributed data group is determined.
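The following is an added example, not code from the patent, that runs the information rank relationship of this modification together with the time-based restoration process described for the first embodiment (one device group per list generation time point, newest group first, stepping back one time point on each failure). It assumes SHA-256 as the predetermined hash function, an XOR-based N-of-N scheme as the secret sharing method, a SHA-256 digest appended to the secret so the user node can tell a successful restoration from one fed dummy data, and that each storage node keys a piece by (second data ID, n) so that two ranks landing on the same node do not overwrite each other. Node IDs and list generation time points are constructed sample data.

```python
import hashlib
import secrets
from typing import Optional

# Constructed sample data: storage node lists at three list generation time points.
STORAGE_NODE_LISTS = {
    1000: ["node-a", "node-b", "node-c", "node-d", "node-e"],
    2000: ["node-a", "node-b", "node-c", "node-d", "node-e", "node-f"],
    3000: ["node-b", "node-c", "node-d", "node-e", "node-f", "node-g", "node-h"],
}
N = 3         # number of distributed data pieces (C = N here)
TAG_LEN = 32  # SHA-256 digest appended to the secret (assumed way of detecting success)


def rank(input_info: str, n: int, time_point: int, list_size: int) -> int:
    """n-th rank = H(input info || n || list generation time point) mod list size, plus 1."""
    digest = hashlib.sha256(f"{input_info}|{n}|{time_point}".encode()).digest()
    return int.from_bytes(digest, "big") % list_size + 1


def node_group(input_info: str, time_point: int) -> list:
    """Node group for the second distributed data group at one list generation time point.
    The rule does not guarantee distinct ranks, so a node may appear more than once."""
    node_list = STORAGE_NODE_LISTS[time_point]
    return [node_list[rank(input_info, n, time_point, len(node_list)) - 1]
            for n in range(1, N + 1)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(secret: bytes) -> list:
    """XOR-based N-of-N sharing of secret || SHA-256(secret): every piece is needed."""
    tagged = secret + hashlib.sha256(secret).digest()
    pieces = [secrets.token_bytes(len(tagged)) for _ in range(N - 1)]
    last = tagged
    for piece in pieces:
        last = xor_bytes(last, piece)
    return pieces + [last]


def restore(pieces: list) -> Optional[bytes]:
    """XOR the pieces back together; succeed only if the appended digest verifies."""
    acc = bytes(len(pieces[0]))
    for piece in pieces:
        acc = xor_bytes(acc, piece)
    body, tag = acc[:-TAG_LEN], acc[-TAG_LEN:]
    return body if hashlib.sha256(body).digest() == tag else None


# Storage nodes: node ID -> {(second data ID, n): distributed data}
NODES = {nid: {} for lst in STORAGE_NODE_LISTS.values() for nid in lst}


def node_provide(node_id: str, data_id: str, n: int, size: int) -> bytes:
    """A node returns its piece, or dummy data of the same size (so size leaks nothing)."""
    piece = NODES[node_id].get((data_id, n))
    return piece if piece is not None else secrets.token_bytes(size)


def store(user_id: str, secret: bytes, now: int) -> int:
    """Select the device group for the newest list generation time point <= now, store N pieces."""
    time_point = max(t for t in STORAGE_NODE_LISTS if t <= now)
    group = node_group(user_id, time_point)
    for n, (node_id, piece) in enumerate(zip(group, split(secret)), start=1):
        NODES[node_id][(user_id, n)] = piece
    return time_point


def restore_walking_back(user_id: str, now: int, size: int):
    """Restoration process: newest device group first, one time point back per failure."""
    for time_point in sorted((t for t in STORAGE_NODE_LISTS if t <= now), reverse=True):
        group = node_group(user_id, time_point)
        pieces = [node_provide(nid, user_id, n, size) for n, nid in enumerate(group, start=1)]
        secret = restore(pieces)
        if secret is not None:
            return secret, time_point
    return None, None
```

Storing under time point 2000 and restoring after time point 3000 shows the walk-back: the group for 3000 answers with dummy data for any node that did not receive a piece, the digest check fails, and the user node moves to the group for 2000. A different user ID never succeeds, because no node holds a piece under that ID. Two caveats a practitioner should keep in mind: the hash-modulo rank can select the same node twice, and the verification step (the digest here) is something the text leaves to the implementation.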
  • the information processing system 1 according to the second modification of the first embodiment can exhibit the same operations and effects as the information processing system 1 according to the first embodiment.
  • the plurality of device groups are expressed by a plurality of different pieces of device ranking information (in this example, storage node lists) respectively associated with a plurality of list generation time points, and a plurality of different information rank relationships respectively associated with the plurality of list generation time points.
  • generation of a storage node list candidate by the storage node list generation unit 206 may be performed as follows.
  • the storage node list generation unit 206 assigns, to each of the storage nodes 200 identified by the node IDs included in the operation notifications held in the operation notification storage unit 205, a rank that arranges the node IDs according to a predetermined algorithm (for example, in ascending order or descending order).
  • the storage node list generation unit 206 generates, as a storage node list candidate, information in which the node IDs included in the operation notifications held in the operation notification storage unit 205 are arranged so that the assigned rank decreases from the beginning to the end.
  • In this case, as long as the node IDs held in the operation notification storage unit 205 do not change, the generated storage node list candidate does not change. Therefore, a plurality of storage node list candidates respectively generated at a plurality of different list generation time points may match.
  • the information rank relationship used for determining the node group for the second distributed data group changes with the passage of time. Therefore, it is possible to change the selected device group with the passage of time.
  • it is preferable that the information processing system 1 transmits, as the plurality of storage node lists, one storage node list included in the plurality of storage node lists together with information representing the difference between that storage node list and each of the other storage node lists included in the plurality of storage node lists. Thereby, the communication load for transmitting the storage node lists can be suppressed.
  • the information processing system of the third modified example of the first embodiment is different from the information processing system of the first embodiment in that identification information different from the user ID is used as the second data ID.
  • Hereinafter, the difference will be mainly described. Components of the third modification of the first embodiment to which the same symbols as those used in the first embodiment are attached are the same or substantially the same.
  • the second data ID included in the second distributed data storage request transmitted by the distributed data storage request transmission unit 106 is a one-time identifier (in other words, a one-time ID).
  • the one-time ID constitutes identification information.
  • the distributed data storage request transmission unit 106 generates the one-time ID based on the user ID and password included in the input information associated with the user data storage request that is the basis of the second distributed data storage request, and the list generation time point associated with the storage node list used to determine the node group for the second distributed data group.
  • the distributed data storage request transmission unit 106 uses a hash value for a predetermined hash function of information obtained by adding time information representing the list generation time to the input information as the one-time ID.
  • the hash function is a hash function called MD5, SHA-0, SHA-1, SHA-2, or SHA-3.
  • the second data ID included in the second distributed data provision request transmitted by the provision data acquisition unit 108 is also a one-time ID. Similar to the distributed data storage request transmission unit 106, the provision data acquisition unit 108 generates the one-time ID based on the user ID and password included in the input information associated with the user data restoration request that is the basis of the second distributed data provision request, and the list generation time point associated with the storage node list used to determine the node group for the second distributed data group.
  • the provision data acquisition unit 108, like the distributed data storage request transmission unit 106, uses as the one-time ID the hash value for the hash function of the information obtained by adding the time information indicating the list generation time point to the input information.
  • the information processing system 1 according to the third modification of the first embodiment can exhibit the same operations and effects as the information processing system 1 according to the first embodiment. Furthermore, the information processing system 1 according to the third modification of the first embodiment generates identification information (the one-time ID in this example) based on the time point associated with the selected device group, and stores each of the N pieces of distributed data in association with the generated identification information.
  • According to this, the probability that the user who requested the storage of the secret data is specified can be reduced as compared with the case of storing the secret data in association with the information for identifying the user. Therefore, for example, when the secret data is encrypted based on the information for identifying the user, the probability that the secret data is decrypted can be reduced.
  • the one-time ID may be a remainder when the hash value for the hash function of the information obtained by adding the time information indicating the list generation time to the input information is divided by the first parameter.
  • the first parameter is a positive integer.
  • the first parameter is predetermined in the information processing system 1. According to this, it is possible to reduce the probability that the information that is the basis for generating the one-time ID is specified.
  • the first parameter may vary.
  • the first parameter may be determined so as to increase as the number of node IDs included in the storage node list increases.
  • a first parameter function that defines the relationship between the number of node IDs included in the storage node list and the first parameter is predetermined in the information processing system 1.
  • the second data ID included in the second distributed data storage request transmitted by the distributed data storage request transmission unit 106 is a one-time identifier (in other words, a one-time ID).
  • the one-time ID constitutes identification information.
  • the distributed data storage request transmission unit 106 generates different information for each storage node 200 as a one-time ID for the N storage nodes 200 included in the node group for the second distributed data group.
  • the one-time ID for the n-th storage node 200 among the N storage nodes 200 included in the node group for the second distributed data group is the hash value, for the predetermined hash function, of the information obtained by adding the node ID identifying the r-th storage node 200 among the N storage nodes 200 to the user ID included in the input information associated with the user data storage request that is the basis of the second distributed data storage request.
  • r represents n + 1 when n represents each integer from 1 to N-1, and represents 1 when n represents N.
  • the hash function is a hash function called MD5, SHA-0, SHA-1, SHA-2, or SHA-3.
  • the second data ID included in the second distributed data provision request transmitted by the provision data acquisition unit 108 is also a one-time ID. Similar to the distributed data storage request transmission unit 106, the provision data acquisition unit 108 generates, as the one-time ID, different information for each of the N storage nodes 200 included in the node group for the second distributed data group.
  • the provision data acquisition unit 108 uses, as the one-time ID for the n-th storage node 200 among the N storage nodes 200, the hash value for the hash function of the information obtained by adding the node ID identifying the r-th storage node 200 among the N storage nodes 200 to the user ID included in the input information associated with the user data restoration request that is the basis of the second distributed data provision request.
  • the information processing system 1 of the fourth modification example of the first embodiment can exhibit the same operations and effects as the information processing system 1 of the first embodiment. Furthermore, the information processing system 1 according to the fourth modification example of the first embodiment generates identification information (in this example, a one-time ID) based on the time point associated with the selected device group, and stores each of the N pieces of distributed data in association with the generated identification information.
  • According to this, the probability that the user who requested the storage of the secret data is specified can be reduced as compared with the case of storing the secret data in association with the information for identifying the user. Therefore, for example, when the secret data is encrypted based on the information for identifying the user, the probability that the secret data is decrypted can be reduced.
  • the information processing system 1 generates different information for each of the storage devices 12 as identification information for the N storage devices 12 included in the selected device group.
  • According to this, the probability that the distributed data used for restoring the secret data is specified based on the identification information can be reduced.
  • the one-time ID for the n-th storage node 200 among the N storage nodes 200 may be the remainder when the hash value for the hash function of the information obtained by adding the node ID identifying the r-th storage node 200 among the N storage nodes 200 to the user ID included in the input information is divided by the first parameter.
  • the first parameter is a positive integer. In the present example, the first parameter is predetermined in the information processing system 1. According to this, it is possible to reduce the probability that the information that is the basis for generating the one-time ID is specified.
  • the first parameter may vary.
  • the first parameter may be determined so as to increase as the number of node IDs included in the storage node list increases.
  • a first parameter function that defines the relationship between the number of node IDs included in the storage node list and the first parameter is predetermined in the information processing system 1.
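An added example (not code from the patent) of both one-time ID constructions: the third modification's single ID derived from the user ID, password and list generation time point, and the fourth modification's per-node IDs in which the n-th node's ID is the hash of the user ID combined with the node ID of the r-th node (r = n + 1, wrapping to 1). The text lists MD5, SHA-0, SHA-1, SHA-2 and SHA-3 as candidate hash functions; the example fixes SHA-256 (a SHA-2 member), because MD5, SHA-0 and SHA-1 are no longer collision resistant. The concatenation format, the optional reduction modulo the first parameter, and the linear `first_parameter_for` function are assumptions; the patent only says the first parameter is predetermined or grows with the number of node IDs.

```python
import hashlib
from typing import Optional

# SHA-256 chosen here from the hash functions the text lists (assumption).
HASH = hashlib.sha256


def reduce_id(digest_hex: str, first_parameter: Optional[int]) -> str:
    """Optionally keep only the remainder modulo the first parameter (a positive integer)."""
    if first_parameter is None:
        return digest_hex
    return str(int(digest_hex, 16) % first_parameter)


def one_time_id(user_id: str, password: str, list_time_point: int,
                first_parameter: Optional[int] = None) -> str:
    """Third modification: H(user ID || password || list generation time point),
    the same ID for all N storage nodes of the group."""
    info = f"{user_id}:{password}:{list_time_point}".encode()
    return reduce_id(HASH(info).hexdigest(), first_parameter)


def first_parameter_for(list_size: int, base: int = 1000) -> int:
    """Hypothetical first parameter function: grows with the number of node IDs in the list."""
    return base * list_size


def per_node_one_time_ids(user_id: str, node_ids: list,
                          first_parameter: Optional[int] = None) -> dict:
    """Fourth modification: the n-th node gets H(user ID || node ID of the r-th node),
    with r = n + 1 for n < N and r = 1 for n = N, so every node sees a different ID."""
    count = len(node_ids)
    ids = {}
    for n in range(1, count + 1):
        r = n + 1 if n < count else 1
        digest = HASH(f"{user_id}:{node_ids[r - 1]}".encode()).hexdigest()
        ids[node_ids[n - 1]] = reduce_id(digest, first_parameter)
    return ids
```

A storage node that receives one of these IDs holds a piece under a value it cannot map back to a user ID without the password (third modification) or the rest of the group's node IDs (fourth modification), which is the linkability reduction the text describes. Reducing modulo the first parameter shrinks the ID space, so the parameter has to stay large enough that two users' pieces on the same node do not collide.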
  • the information processing system according to the second embodiment is different from the information processing system according to the first embodiment in that the time required for restoring the secret data varies depending on the strength of the password used for user authentication.
  • Hereinafter, the difference will be mainly described.
  • Components to which the same symbols as those used in the first embodiment are attached are the same or substantially the same.
  • the determination of the node group for the second distributed data group when the user data storage request is accepted by the node group determination unit 104 is performed as follows.
  • the node group determination unit 104 determines the number of candidates C based on the password included in the input information associated with the user data storage request.
  • the number of candidates C is set to a larger number as the password is more easily identified (in other words, the strength of the password is lower) in a range larger than N and smaller than or equal to M.
  • the number of candidates C is determined as follows. Based on the password, the node group determination unit 104 calculates a parameter whose value is smaller the more easily the password is identified. For example, when the number of characters constituting the password is equal to or greater than a predetermined threshold, the node group determination unit 104 adds a predetermined increment value to the parameter. For example, when the password includes a number, the node group determination unit 104 adds a predetermined increment value to the parameter. For example, when the password includes lowercase letters, the node group determination unit 104 adds a predetermined increment value to the parameter. For example, when the password includes uppercase letters, the node group determination unit 104 adds a predetermined increment value to the parameter.
  • For example, the node group determination unit 104 adds a predetermined increment value to the parameter when the password includes a symbol (for example, a character other than a number or a letter of the alphabet). Further, for example, when the password does not include the character string included in the user ID, the node group determination unit 104 adds a predetermined increment value to the parameter. For example, when the password does not include a character string included in a dictionary, the node group determination unit 104 adds a predetermined increment value to the parameter.
  • the node group determination unit 104 determines the number of candidates C in a range larger than N and equal to or smaller than M so that the number of candidates increases as the calculated parameter decreases. Thereby, the number of candidates C is determined.
  • the node group determination unit 104 selects (in other words, determines) C node IDs, C being the determined number of candidates, from the node IDs included in the storage node list acquired by the storage node list acquisition unit 103 when the user data storage request is accepted, based on that storage node list, a predetermined information rank relationship between the input information and C different ranks, and the input information associated with the user data storage request.
  • the candidate number C storage nodes 200 respectively identified by the selected candidate number C node IDs constitute a candidate node group.
  • the node group determination unit 104 acquires different ranks of the candidate number C based on the input information associated with the user data storage request and the information rank relationship, and stores them in the storage node list. From the included node IDs, node IDs with candidate numbers C corresponding to the ranks of acquired candidate numbers C are selected.
  • the c-th rank among the C ranks is determined to be equal to the value obtained by adding 1 to the remainder when the hash value, for a predetermined hash function whose hash value is an integer, of the information obtained by adding information representing c to the input information is divided by the number of storage nodes 200 included in the storage node list. c represents an integer of 1 to C.
  • the node group determination unit 104 randomly selects N node IDs from the selected number C of node IDs. In addition, the node group determination unit 104 determines a node group including N storage nodes 200 respectively identified by N node IDs selected at random as a node group for the second distributed data group. As a result, the node group for the second distributed data group is determined.
  • When the user data restoration request is accepted, the node group determination unit 104 determines the number of candidates C based on the password included in the input information associated with the user data restoration request, similarly to the case where the user data storage request is accepted.
  • the relationship between the password and the number of candidates C determined by the node group determination unit 104 is common when a user data storage request is accepted and when a user data restoration request is accepted.
  • the node group determination unit 104 selects (in other words, determines) C node IDs, C being the determined number of candidates, from the node IDs included in the storage node list acquired by the storage node list acquisition unit 103 when the user data restoration request is accepted, based on that storage node list, the information rank relationship, and the input information associated with the user data restoration request.
  • the candidate number C storage nodes 200 respectively identified by the selected candidate number C node IDs constitute a candidate node group.
  • the provision data acquisition unit 108 transmits a second distributed data provision request to each of the C candidate storage nodes 200 included in the candidate node group determined by the node group determination unit 104 when the user data restoration request is accepted.
  • the provision data acquisition unit 108 may instead transmit the second distributed data provision request to each of only some of the C candidate storage nodes 200 included in the candidate node group determined by the node group determination unit 104 when the user data restoration request is accepted. In this case, if the restoration of the secret data fails, the provision data acquisition unit 108 may transmit the second distributed data provision request to the remaining storage nodes 200 among the C candidate storage nodes 200 included in the candidate node group.
  • the provided data acquisition unit 108 receives the provided data transmitted (in other words, provided) by the storage node 200 in response to the transmitted second distributed data provision request.
  • the provision data received in response to the second distributed data provision request constitutes a second provision data group.
  • the provision data acquisition unit 108 acquires the second provision data group.
  • the storage node 200 may not transmit the provision data in response to the second distributed data provision request. Therefore, the number of provision data constituting the second provision data group may be smaller than C.
  • the storage node 200 may transmit predetermined dummy data in response to the second distributed data provision request. Accordingly, the second provided data group may include data different from the distributed data that constitutes the second distributed data group.
  • the secret data restoration unit 109 generates all the combinations of the N storage nodes 200 selected from the number C of candidate storage nodes 200 included in the candidate node group determined by the node group determination unit 104.
  • Each combination of N storage nodes 200 constitutes a node group candidate.
  • each node group candidate is configured by N storage nodes 200.
  • the secret data restoration unit 109 includes, for each of the generated node group candidates, N included in the node group candidates included in the provision data constituting the second provision data group acquired by the provision data acquisition unit 108.
  • the secret data is restored from the distributed data that is the provided data provided by the storage nodes 200 according to the secret sharing method.
In the storage process, the user node 10-1 executes the process of FIG. 5 with step S111 replaced by steps S121 to S123 of FIG. 7.

Specifically, the user node 10-1 determines the candidate number C based on the password included in the input information received in step S101 of FIG. 5 (step S121 of FIG. 7). Next, based on the storage node list held in step S105 of FIG. 5 and the candidate number C determined in step S121 of FIG. 7, the user node 10-1 determines a candidate node group for the second distributed data group generated in step S110 of FIG. 5 (step S122 of FIG. 7). In this example, the user node 10-1 determines the candidate node group by selecting the candidate number C of node IDs determined in step S121 of FIG. 7 from the node IDs included in the storage node list, based on that storage node list, the information ranking relationship, and the input information received in step S101 of FIG. 5.

Next, the user node 10-1 randomly selects N storage nodes 200 from the C candidate storage nodes 200 constituting the determined candidate node group, and determines the node group consisting of the selected N storage nodes 200 as the node group for the second distributed data group (step S123 of FIG. 7). Thereafter, the user node 10-1 executes the processing from step S112 of FIG. 5 onward.
In the restoration process, the user node 10-1 executes the process of FIG. 6 with steps S204 to S211 replaced by steps S221 to S232 of FIG. 8.

Specifically, the user node 10-1 determines the candidate number C based on the password included in the input information received in step S201 of FIG. 6 (step S221 of FIG. 8). Next, the user node 10-1 executes steps S222 and S223 of FIG. 8 in the same manner as steps S204 and S205 of FIG. 6.

Next, the user node 10-1 determines a candidate node group for the second distributed data group (step S224 of FIG. 8). In this example, the user node 10-1 determines the candidate node group by selecting the candidate number C of node IDs determined in step S221 of FIG. 8 from the node IDs included in the storage node list held in step S223 of FIG. 8, based on that storage node list, the information ranking relationship, and the input information received in step S201 of FIG. 6.

Next, the user node 10-1 transmits C second distributed data provision requests, one to each of the C candidate storage nodes 200 included in the determined candidate node group (step S225 of FIG. 8).

Each of the C candidate storage nodes 200 included in the candidate node group receives the second distributed data provision request from the user node 10-1 and determines whether the distributed data associated with the second data ID included in the received second distributed data provision request is held in its storage device 12. If the distributed data is held in the storage device 12, the storage node 200 transmits the distributed data to the user node 10-1; if it is not, the storage node 200 transmits dummy data to the user node 10-1.

The user node 10-1 receives the provision data transmitted by the storage nodes 200 in response to the second distributed data provision requests transmitted in step S225 of FIG. 8 (step S226 of FIG. 8). The provision data received in response to the second distributed data provision requests constitute a second provision data group.

Next, the user node 10-1 generates all combinations of N storage nodes 200 selected from the C candidate storage nodes 200 included in the candidate node group determined in step S224 of FIG. 8 (step S227 of FIG. 8). As described above, each of the combinations constitutes a node group candidate.

Next, the user node 10-1 sequentially executes a loop process for each of the generated node group candidates. The start and end of the loop process are step S228 and step S231 of FIG. 8, respectively. The user node 10-1 may also execute a plurality of the loop processes in parallel.

In the loop process, the user node 10-1 restores the metadata, which is the secret data, according to the secret sharing method from the N pieces of provision data in the second provision data group received in step S226 of FIG. 8 that were provided by the N storage nodes 200 of the node group candidate (step S229 of FIG. 8). Next, the user node 10-1 determines whether restoration of the metadata succeeded in step S229 of FIG. 8 (step S230 of FIG. 8).

If the restoration succeeded, the user node 10-1 determines "Yes", ends the loop process for all of the generated node group candidates, and executes the processing from step S212 of FIG. 6 onward. If the restoration failed, the user node 10-1 determines "No" and proceeds to step S231 of FIG. 8. In this way, the user node 10-1 executes the loop process for each of the generated node group candidates.

If restoration of the metadata failed for every node group candidate, the user node 10-1 acquires a list generation time point that is earlier, by the change time, than the list generation time point indicated by the time point information included in the latest storage node list request transmitted in step S222 of FIG. 8 (in other words, the list generation time point associated with the storage node list that caused the metadata restoration failure) (step S232 of FIG. 8).

Next, the user node 10-1 transmits a storage node list request including time point information representing the list generation time point acquired in step S232 of FIG. 8 to each of at least one storage node 200 (step S222 of FIG. 8). Then, as described above, the user node 10-1 executes steps S223 to S231 of FIG. 8. In this way, the user node 10-1 repeats steps S222 to S232 of FIG. 8 until the metadata is successfully restored in step S229 of FIG. 8.
As described above, the information processing system 1 of the second embodiment can exhibit the same operations and effects as the information processing system 1 of the first embodiment. Further, in the information processing system 1 of the second embodiment, the number C of storage devices 12 included in the device group (the candidate node group in this example) is set to a larger value the more easily the password used for user authentication can be specified.

The information processing system 1 randomly selects N storage devices 12 from the C storage devices 12 included in the selected device group (the candidate node group in this example), and stores the generated N pieces of distributed data in those N storage devices 12, respectively. Further, the information processing system 1 requests distributed data from each of the C storage devices 12 included in the device group (the candidate node group in this example) and, for each combination of N pieces of provision data among the C pieces of provision data, restores the secret data from the N pieces of provision data constituting that combination according to the secret sharing method.

Because the number C of storage devices 12 included in the device group (the candidate node group in this example) is set larger the more easily the password used for user authentication can be specified, the more easily that password can be specified, the more likely restoration of the secret data is to fail, and therefore the longer the time required to specify the storage destination of the distributed data used to restore the secret data. This gives the user a motive to set, as the password used for user authentication, a password that is difficult to specify.

As a result, the processing load for a user who intends to illegally acquire the secret data of another user to specify the storage destination of the distributed data used to restore that secret data can be increased. The secret data of the user can therefore be prevented from being illegally acquired.
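The candidate node group mechanism of the second embodiment, as an added worked example that is not code from the patent: a candidate number C derived from the password, N storage nodes picked at random from the C candidates at storage time, and a restoration that asks all C candidates and tries every N-combination of the returned pieces until the secret data is recovered. The patent does not specify the password-to-C mapping, the "information rank relationship" used to pick the C candidates, or the secret sharing scheme; the length-based `candidate_count`, the hash ordering in `candidate_node_group`, and the N-of-N XOR sharing with an integrity tag (so that a wrong combination is detected rather than misread) are all assumptions of this example, as are the node names and dummy-data format.

```python
"""Added example (not the patent's own code): candidate node group of size C derived
from the password, N-of-N secret sharing into N nodes picked at random from the C
candidates, and restoration by trying every N-combination of the C provided pieces."""
import hashlib
import secrets
from itertools import combinations
from math import comb
from random import Random

TAG_LEN = 8  # integrity tag length: a wrong combination fails the tag check


def candidate_count(password: str) -> int:
    """Candidate number C. The page only says C grows the easier the password is to
    specify; this length-based mapping is an assumption for the example."""
    if len(password) < 8:
        return 12
    if len(password) < 12:
        return 8
    return 6


def candidate_node_group(node_ids, user_id, password, c):
    """Select C node IDs from the storage node list. The patent orders node IDs by an
    'information rank relationship' with the input information; the ordering here (hash
    of input information plus node ID) is an assumption. All the mechanism needs is that
    the same C candidates come out at storage time and at restoration time."""
    def rank(nid):
        return hashlib.sha256(f"{user_id}:{password}:{nid}".encode()).digest()
    return sorted(node_ids, key=rank)[:c]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret, n):
    """N-of-N XOR secret sharing: N-1 random shares, the last share is the tagged
    payload XORed with all of them. Any N-1 shares are independent of the secret."""
    payload = secret + hashlib.sha256(secret).digest()[:TAG_LEN]
    shares = [secrets.token_bytes(len(payload)) for _ in range(n - 1)]
    last = payload
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]


def try_restore(pieces):
    """Combine N pieces; return the secret only if the integrity tag verifies."""
    if len({len(p) for p in pieces}) != 1:
        return None
    acc = bytes(len(pieces[0]))
    for p in pieces:
        acc = xor_bytes(acc, p)
    secret, tag = acc[:-TAG_LEN], acc[-TAG_LEN:]
    return secret if hashlib.sha256(secret).digest()[:TAG_LEN] == tag else None


def store_secret(secret, node_ids, user_id, password, n, rng):
    """Storage request: N nodes chosen at random from the C candidates. Returns the
    simulated storage node contents (node ID -> distributed data)."""
    cand = candidate_node_group(node_ids, user_id, password, candidate_count(password))
    node_group = rng.sample(cand, n)
    return dict(zip(node_group, split_secret(secret, n)))


def restore_secret(storage, node_ids, user_id, password, n, share_len):
    """Restoration request: ask all C candidates; nodes that do not hold the data answer
    with dummy data (constructed here as random bytes of share length); then try every
    N-combination. Returns (secret or None, number of combinations tried)."""
    cand = candidate_node_group(node_ids, user_id, password, candidate_count(password))
    provided = {nid: storage.get(nid) or secrets.token_bytes(share_len) for nid in cand}
    tried = 0
    for group in combinations(cand, n):
        tried += 1
        secret = try_restore([provided[nid] for nid in group])
        if secret is not None:
            return secret, tried
    return None, tried


def demo(password="pw1", seed=7):
    """Constructed scenario: 20 storage nodes, N = 3, one user's metadata."""
    node_ids = [f"node-{i:02d}" for i in range(20)]
    secret = b"metadata: storage list for user"
    storage = store_secret(secret, node_ids, "alice", password, 3, Random(seed))
    share_len = len(secret) + TAG_LEN
    restored, tried = restore_secret(storage, node_ids, "alice", password, 3, share_len)
    return restored, tried, comb(candidate_count(password), 3)
```

`demo()` returns the restored secret, the number of combinations that had to be tried, and the total number of node group candidates C choose N; a three-character password yields 220 candidates, a twelve-character one only 20, which is the cost asymmetry the embodiment relies on.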
The information processing system according to the third embodiment differs from the information processing system according to the first embodiment in that provision of provision data to the user node is prohibited when a predetermined condition is satisfied. The following description focuses mainly on this difference. Elements of the third embodiment that are the same as or substantially the same as those of the first embodiment are denoted by the same reference symbols as in the first embodiment.

In the third embodiment, transmission of the second distributed data provision request by the user node 100 is performed as communication in which the transmission source is disclosed. In other words, transmission of the second distributed data provision request may be performed as non-anonymous communication, for example using the technique called TLS (Transport Layer Security).

In the third embodiment, the second data ID included in the second distributed data storage request transmitted by the distributed data storage request transmission unit 106 includes a one-time ID and generation time point information indicating a list generation time point. The generation time point information represents the list generation time point associated with the storage node list used for determining the node group for the second distributed data group. The second data ID may include a user ID instead of the one-time ID, or may include the input information instead of the one-time ID. The generation time point information constitutes time point identification information for identifying the time point.

The distributed data storage request transmission unit 106 generates the one-time ID based on the user ID and password included in the input information associated with the user data storage request that is the basis of the second distributed data storage request, and on the generation time point information indicating the list generation time point associated with the storage node list used for determining the node group for the second distributed data group. The one-time ID constitutes generation information generated based on the input information. In this example, the distributed data storage request transmission unit 106 uses, as the one-time ID, the hash value, for a predetermined hash function, of the information obtained by appending the generation time point information representing the list generation time point to the input information. For example, the hash function is a hash function called MD5, SHA-0, SHA-1, SHA-2, or SHA-3.

Similarly, the second data ID included in the second distributed data provision request transmitted by the provision data acquisition unit 108 also includes a one-time ID and generation time point information indicating a list generation time point. The generation time point information represents the list generation time point associated with the storage node list used for determining the node group for the second distributed data group. The provision data acquisition unit 108 generates the one-time ID based on the user ID and password included in the input information associated with the user data restoration request that is the basis of the second distributed data provision request, and on the generation time point information indicating the list generation time point associated with the storage node list used for determining the node group for the second distributed data group. In this example, like the distributed data storage request transmission unit 106, the provision data acquisition unit 108 uses as the one-time ID the hash value, for the hash function, of the information obtained by appending the generation time point information indicating the list generation time point to the input information.
In addition to the functions of the storage node 200 of the first embodiment, the functions of the storage node 200 include a non-holding notification processing unit 209, a non-holding notification storage unit 210, and a reject node list generation unit 211. The provision request processing unit 203 and the reject node list generation unit 211 constitute a prohibition unit.

When the distributed data associated with the second data ID included in a received second distributed data provision request is not held in the distributed data storage unit 202, the non-holding notification processing unit 209 transmits a non-holding notification to each of the other storage nodes 200, and stores the non-holding notification in the non-holding notification storage unit 210 in association with the time point at which it was transmitted. The non-holding notification includes transmission source identification information for identifying the information processing apparatus 10 that is the transmission source of the second distributed data provision request, the one-time ID and the generation time point information included in the second data ID of the second distributed data provision request, and transmission time point information indicating the time point at which the non-holding notification was transmitted. In this example, the transmission source identification information is an IP address. The non-holding notification may include, instead of the one-time ID, the hash value of the one-time ID for a predetermined hash function. The non-holding notification may also include an electronic signature of the information processing apparatus 10-p that transmits it.

Further, the non-holding notification processing unit 209 receives non-holding notifications transmitted by other information processing apparatuses 10-q and stores each received non-holding notification in the non-holding notification storage unit 210 in association with the time point at which it was received. The non-holding notification storage unit 210 thereby holds non-holding notifications in association with the time points at which they were received.

The non-holding notifications held in the non-holding notification storage unit 210 of a storage node 200 may be shared with at least one of the other storage nodes 200, and this sharing may be realized using the technique called a block chain. When non-holding notifications are shared by a plurality of storage nodes 200, the destination of a non-holding notification transmitted by the non-holding notification processing unit 209 may be selected from among the plurality of storage nodes 200 sharing the non-holding notifications.

Each time a predetermined generation cycle elapses, the reject node list generation unit 211 generates a reject node list based on the non-holding notifications held in the non-holding notification storage unit 210, and stores the generated reject node list in the reject node list storage unit 212. The reject node list storage unit 212 thereby holds the reject node list. The reject node list is information representing, among the P information processing apparatuses 10-1, ..., 10-P, the information processing apparatuses 10 that are prohibited from being provided with provision data by the storage node 200 in response to a second distributed data provision request. In this example, the reject node list includes the IP addresses of the information processing apparatuses 10 that are prohibited from being provided with provision data.

In this example, the reject node list is generated as follows. The reject node list generation unit 211 acquires, for each piece of transmission source identification information, the number of non-holding notifications held in the non-holding notification storage unit 210 that have the same generation time point information, different one-time IDs, and a time point indicated by the transmission time point information that falls within a predetermined determination period. The determination period is the period from the current time point back to the time point a predetermined determination time earlier. The reject node list generation unit 211 then generates a reject node list including every piece of transmission source identification information for which the acquired number of non-holding notifications is equal to or greater than a predetermined threshold number. The reject node list is generated in this way.

The reject node list held in the reject node list storage unit 212 of a storage node 200 may be shared with at least one of the other storage nodes 200, and this sharing may be realized using the technique called a block chain.

When the second distributed data provision request is received, the provision request processing unit 203 determines whether the transmission source identification information for identifying the user node 100 that is the transmission source of the second distributed data provision request is included in the reject node list obtained by the reject node list request processing unit 213. If it is included, the provision request processing unit 203 transmits dummy data to the user node 100 that is the transmission source of the second distributed data provision request. Transmitting dummy data is one example of prohibiting provision of distributed data; in this case, the provision request processing unit 203 may instead transmit no data at all to that user node 100. If the transmission source identification information is not included in the reject node list, the provision request processing unit 203 transmits the distributed data stored in the distributed data storage unit 202 in association with the second data ID included in the second distributed data provision request to the user node 100 that is the transmission source of the request.

The provision request processing unit 203 may also prohibit provision of distributed data based on the reject node list when the first distributed data provision request is received, as in the case where the second distributed data provision request is received.
Each storage node 10-w, where w represents an integer from 2 to P, executes the processing represented by the flowchart of FIG. 10 as follows.

The storage node 10-w waits until it receives the second distributed data provision request from the user node 10-1 ("No" route of step S303 in FIG. 10). When the request is received, the storage node 10-w determines "Yes" and determines whether the transmission source node is present in the reject node list it holds (step S304 in FIG. 10). The transmission source node is the transmission source of the second distributed data provision request; in this example, it is the user node 10-1.

If the transmission source node is present in the reject node list, the storage node 10-w determines "Yes" and ends the processing of FIG. 10 without transmitting either the distributed data or a non-holding notification. Otherwise, the storage node 10-w determines "No" and determines whether the distributed data associated with the second data ID included in the second distributed data provision request received in step S303 of FIG. 10 is held in its storage device 12 (step S305 in FIG. 10).

If the distributed data is held in the storage device 12, the storage node 10-w determines "Yes", transmits the provision data, which is that distributed data, to the user node 10-1 that is the transmission source of the second distributed data provision request (step S306 in FIG. 10), and then ends the processing of FIG. 10. If the distributed data is not held, the storage node 10-w determines "No" and transmits a non-holding notification to each of the other storage nodes 200 (step S307 in FIG. 10). The non-holding notification includes transmission source identification information for identifying the user node 10-1 that is the transmission source of the second distributed data provision request, the one-time ID and the generation time point information included in the second data ID of that request, and transmission time point information indicating the current time as the time point at which the non-holding notification is transmitted. The storage node 10-w then ends the processing of FIG. 10.
As described above, the information processing system 1 of the third embodiment can exhibit the same operations and effects as the information processing system 1 of the first embodiment. Further, in the information processing system 1 of the third embodiment, a request for the distributed data generated from the metadata is made by transmitting, from the user node 100 to the storage node 200, a second distributed data provision request including a one-time ID and generation time point information. When a number of second distributed data provision requests equal to or greater than a predetermined threshold number, having the same generation time point information and different one-time IDs, are transmitted from a user node 100 within a predetermined determination time, the information processing system 1 prohibits provision of provision data in response to requests from that user node 100.

Thus, a user node 100 that transmits, within the predetermined determination time, a number of second distributed data provision requests equal to or greater than the predetermined threshold number that have the same generation time point information and different one-time IDs is no longer provided with provision data in response to its requests. This makes it possible to suppress illegal acquisition of the secret data.

Each storage node 200 may use only the reject node list generated by itself, without using reject node lists generated by other storage nodes 200. This makes it possible to appropriately suppress a denial of service (DoS) attack based on an unauthorized reject node list. DoS is an abbreviation for Denial of Service.

Further, the reject node list generation unit 211 may limit the transmission source identification information included in the reject node list, among the transmission source identification information for which the acquired number of non-holding notifications is equal to or greater than the predetermined threshold notification number, to transmission source identification information for which the number of storage nodes 200 that are the transmission sources of those non-holding notifications is equal to or greater than a predetermined threshold node number (for example, a majority of the total number of storage nodes 200). This makes it possible to appropriately suppress a DoS attack based on an unauthorized reject node list.

Further, the reject node list generation unit 211 may limit the transmission source identification information included in the reject node list, among the transmission source identification information for which the acquired number of non-holding notifications is equal to or greater than the predetermined threshold notification number, to that relating to the own node. This, too, makes it possible to appropriately suppress a DoS attack based on an unauthorized reject node list.
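The one-time ID, the storage node's handling of a provision request (FIG. 10), and the generation of a reject node list from non-holding notifications, as an added worked example that is not code from the patent. It models a single storage node in memory: a request from a source on the reject node list gets nothing back, a held share is returned, and a miss produces a non-holding notification carrying the source IP, one-time ID, generation time point and transmission time. `build_reject_node_list` then counts, per source IP, the distinct one-time IDs seen for the same generation time point inside the determination period; its optional `threshold_nodes` argument implements the variant where an IP is listed only when enough distinct storage nodes reported it. The hash choice (SHA-256 among the listed options), the field layout, the IP addresses and the time values are constructed for the example.

```python
"""Added example (not the patent's own code): one-time ID derivation, a storage node's
provision request handling with non-holding notifications, and reject node list
generation from those notifications."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass

DUMMY_DATA = b"dummy"  # predetermined dummy data (constructed value)


def one_time_id(user_id, password, generation_time):
    """One-time ID: hash of the input information with the list generation time point
    appended. The page lists MD5 and SHA-0/1/2/3 as options; SHA-256 is used here."""
    material = f"{user_id}:{password}:{generation_time}".encode()
    return hashlib.sha256(material).hexdigest()


@dataclass(frozen=True)
class NonHoldingNotification:
    source_ip: str        # transmission source identification information (IP address)
    one_time_id: str
    generation_time: int  # generation time point information copied from the request
    sent_at: int          # transmission time point information (unix seconds)
    reporter: str         # storage node that transmitted the notification


class StorageNode:
    """Simulated storage node implementing the decision sequence of FIG. 10."""

    def __init__(self, node_id):
        self.node_id = node_id
        self.distributed_data = {}      # (one_time_id, generation_time) -> share
        self.reject_node_list = set()   # IP addresses prohibited from provision
        self.sent_notifications = []    # non-holding notifications sent to other nodes

    def handle_provision_request(self, source_ip, otid, generation_time, now):
        """Returns the share, DUMMY_DATA if not held, or None for a rejected source
        (step S304: neither data nor a non-holding notification is transmitted)."""
        if source_ip in self.reject_node_list:
            return None
        share = self.distributed_data.get((otid, generation_time))
        if share is not None:
            return share
        self.sent_notifications.append(
            NonHoldingNotification(source_ip, otid, generation_time, now, self.node_id))
        return DUMMY_DATA


def build_reject_node_list(notifications, now, determination_time, threshold_count,
                           threshold_nodes=1):
    """Per source IP, count notifications inside the determination period that share
    generation time point information but carry different one-time IDs. An IP is listed
    when that count reaches threshold_count and, for the majority variant, when at least
    threshold_nodes distinct storage nodes reported it."""
    ids_by_source = defaultdict(lambda: defaultdict(set))  # ip -> gen_time -> {otid}
    reporters = defaultdict(set)
    for nt in notifications:
        if now - determination_time <= nt.sent_at <= now:
            ids_by_source[nt.source_ip][nt.generation_time].add(nt.one_time_id)
            reporters[nt.source_ip].add(nt.reporter)
    rejected = set()
    for ip, per_time in ids_by_source.items():
        distinct_ids = max(len(ids) for ids in per_time.values())
        if distinct_ids >= threshold_count and len(reporters[ip]) >= threshold_nodes:
            rejected.add(ip)
    return rejected


def demo(threshold_count=5):
    """Constructed scenario: one client holding the right one-time ID and one client
    cycling through different one-time IDs for the same generation time point."""
    now, gen_time = 1_700_000_000, 1_699_990_000
    node = StorageNode("node-01")
    legit_id = one_time_id("alice", "correct-horse-battery", gen_time)
    node.distributed_data[(legit_id, gen_time)] = b"share-for-alice"
    served = node.handle_provision_request("198.51.100.7", legit_id, gen_time, now)
    # a miss from the second client 1000 s ago: outside the 60 s determination period
    node.handle_provision_request("203.0.113.5", one_time_id("alice", "old", gen_time),
                                  gen_time, now - 1000)
    for i, guess in enumerate(["pw1", "pw2", "pw3", "pw4", "pw5"]):
        node.handle_provision_request("203.0.113.5", one_time_id("alice", guess, gen_time),
                                      gen_time, now + i)
    rejected = build_reject_node_list(node.sent_notifications, now + 10, 60, threshold_count)
    node.reject_node_list |= rejected
    after = node.handle_provision_request("203.0.113.5", legit_id, gen_time, now + 11)
    return served, rejected, after
```

With the default threshold of 5 the second client is listed and its next request, even one carrying the correct one-time ID, gets no response; with a threshold of 6 it is not listed, because the sixth distinct one-time ID was reported outside the determination period and is not counted.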
The information processing system according to the first modification of the third embodiment differs from the information processing system according to the third embodiment in the information used as the one-time ID. The following description focuses mainly on this difference. Elements of the first modification of the third embodiment that are the same as or substantially the same as those of the third embodiment are denoted by the same reference symbols as in the third embodiment.

In the first modification of the third embodiment, the one-time ID included in the second data ID is information that differs for each of the N storage nodes 200 included in the node group for the second distributed data group, as in the fourth modification of the first embodiment. The one-time ID constitutes generation information generated based on the input information.

In this example, the one-time ID for the n-th storage node 200 among the N storage nodes 200 included in the node group for the second distributed data group is the hash value, for a predetermined hash function, of the information obtained by appending the node ID identifying the r-th storage node 200 among the N storage nodes 200 to the user ID included in the input information. Here, r represents n + 1 when n is an integer from 1 to N-1, and represents 1 when n is N. For example, the hash function is a hash function called MD5, SHA-0, SHA-1, SHA-2, or SHA-3.

As described above, the information processing system 1 according to the first modification of the third embodiment can exhibit the same operations and effects as the information processing system 1 according to the third embodiment. Furthermore, the information processing system 1 according to the first modification of the third embodiment generates, for the N storage devices 12 included in the selected device group, different information as the identification information for each storage device 12. This reduces the probability that the distributed data used for restoring the secret data is specified based on the identification information.

The one-time ID for the n-th storage node 200 among the N storage nodes 200 may instead be the remainder obtained when the hash value, for the hash function, of the information obtained by appending the node ID identifying the r-th storage node 200 among the N storage nodes 200 to the user ID included in the input information is divided by a first parameter. The first parameter is a positive integer; in this example, it is predetermined in the information processing system 1. This reduces the probability that the information on which generation of the one-time ID is based is specified.

The first parameter may also vary. For example, the first parameter may be determined so as to increase as the number of node IDs included in the storage node list increases. In this case, for example, a first parameter function defining the relationship between the number of node IDs included in the storage node list and the first parameter is predetermined in the information processing system 1.
The information processing system according to the second modification of the third embodiment differs from the information processing system according to the first modification of the third embodiment in that the second data ID includes a hash value of the generation time point information instead of the generation time point information itself. The following description focuses mainly on this difference. Elements of the second modification of the third embodiment that are the same as or substantially the same as those of the first modification are denoted by the same reference symbols.

In the second modification of the third embodiment, the second data ID includes generation time point identification information instead of the generation time point information. The generation time point identification information is the hash value, for the predetermined hash function, of the generation time point information, and constitutes time point identification information for identifying the time point. For example, the hash function is a hash function called MD5, SHA-0, SHA-1, SHA-2, or SHA-3.

As described above, the information processing system 1 according to the second modification of the third embodiment can exhibit the same operations and effects as the information processing system 1 according to the first modification of the third embodiment. Furthermore, according to the information processing system 1 of the second modification of the third embodiment, the probability that the list generation time point is specified can be reduced.

The generation time point identification information may instead be the remainder obtained when the hash value, for the hash function, of the generation time point information is divided by a second parameter. The second parameter is a positive integer; in this example, it is predetermined in the information processing system 1. This, too, reduces the probability that the list generation time point is specified.

The second parameter may also vary. For example, the second parameter may be determined so as to increase as the number of storage node list candidates from which the storage node list is selected, the number of storage node list candidates generated in a predetermined period, or the number of information processing apparatuses 10 operating as storage nodes 200 increases. In this case, for example, a second parameter function defining the relationship between that number and the second parameter is predetermined in the information processing system 1.

In each of the above embodiments, the technique of changing the storage destination of the distributed data in accordance with the change of the time point at which the data is stored is applied to the metadata. The technique may also be applied to data other than the metadata (for example, the user data).

Further, in each of the above embodiments, the information processing system 1 performs communication according to the P2P method. The information processing system 1 may instead perform communication according to a method different from the P2P method (for example, a client/server method).
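The per-node one-time IDs of the first modification and the generation time point identification of the second modification, as an added worked example that is not code from the patent: the ID for the n-th node is the hash of the user ID with the node ID of the r-th node appended, where r = n + 1 and the N-th node wraps around to the first, optionally reduced modulo a first parameter; the generation time point identification is the hash of the generation time point, optionally reduced modulo a second parameter. The hash (SHA-256, one of the listed options), the concrete first parameter function, and the node IDs, time value and parameter values are assumptions of the example.

```python
"""Added example (not the patent's own code): per-node one-time IDs chained in a ring
(first modification of the third embodiment) and generation time point identification
(second modification), each optionally reduced modulo a parameter."""
import hashlib


def hash_int(text):
    """Hash value as an integer. The page names MD5 and SHA-0/1/2/3; SHA-256 here."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")


def per_node_one_time_ids(user_id, node_group, first_parameter=None):
    """One-time ID of the n-th node = hash(user ID + node ID of the r-th node) with
    r = n + 1 for n < N and r = 1 for n = N (1-based as on the page). With
    first_parameter set, the remainder modulo it is used instead of the full hash."""
    n_total = len(node_group)
    ids = []
    for n in range(1, n_total + 1):
        r = n + 1 if n < n_total else 1
        value = hash_int(user_id + node_group[r - 1])
        ids.append(value if first_parameter is None else value % first_parameter)
    return ids


def first_parameter_from_list_size(list_size):
    """Assumed first parameter function: grows with the number of node IDs in the
    storage node list (the page only requires it to increase with that number)."""
    return 1 << (16 + list_size.bit_length())


def generation_time_identification(generation_time, second_parameter=None):
    """Second modification: hash of the generation time point information, optionally
    reduced modulo the second parameter."""
    value = hash_int(str(generation_time))
    return value if second_parameter is None else value % second_parameter


def demo():
    group = ["node-03", "node-11", "node-07"]  # constructed node group, N = 3
    full = per_node_one_time_ids("alice", group)
    p = first_parameter_from_list_size(20)
    reduced = per_node_one_time_ids("alice", group, p)
    return full, reduced, p, generation_time_identification(1_699_990_000, 1_000_003)
```

Because each node's ID is derived from a different neighbour's node ID, the N identifiers a user presents to the N nodes are pairwise distinct, which is the property the first modification relies on; the modular reduction keeps the identifier short without changing which node it was derived from.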

Abstract

An information processing system (1) equipped with multiple storage devices (10). The information processing system (1) selects, from among multiple different device groups associated with multiple different points in time, one device group associated with a time point that is included in a prescribed period containing the current point in time, and saves, in N storage devices included in the selected device group, N pieces of distributed data generated from confidential data according to a secret sharing scheme. The information processing system (1) executes a restoration process with respect to one device group among the multiple device groups, and if the restoration fails, the information processing system executes the restoration process with respect to a device group (among the multiple device groups) associated with a point in time prior to the point in time associated with the device group from which the failure originated.

Description

Information processing system, information processing apparatus, information processing method, and program
 The present invention relates to an information processing system, an information processing apparatus, an information processing method, and a program.
 Information processing systems including a plurality of storage devices are known. As one such system, the information processing system described in Patent Document 1 generates N (N is an integer of 2 or more) pieces of distributed data from secret data according to a secret sharing scheme. The system then stores the generated N pieces of distributed data in N storage devices, one piece per device.
 In the above system, a user who intends to acquire the secret data without authorization cannot restore it unless they obtain k (k is an integer of 2 or more and smaller than N) of the N pieces of distributed data generated from it. Further, each time secret data is stored, the system changes, according to a predetermined method, the storage devices that serve as the storage destinations of the N pieces of distributed data.
Patent Document 1: JP 2013-20314 A
 The above system could store information identifying the secret data in association with information specifying the storage destinations of the distributed data, and, when restoration of the secret data is requested, identify from the stored information the storage destinations of the distributed data used to restore it.
 In that case, however, the stored information may leak to a user who intends to acquire the secret data without authorization, and such a user can then easily identify the storage destinations of the distributed data needed to restore it. The secret data may therefore be acquired without authorization.
 Conversely, if the system does not store the information identifying the secret data in association with the information specifying the storage destinations, the processing load for identifying the storage destinations of the distributed data used for restoration tends to be high when restoration is requested.
 One object of the present invention is to reduce the processing load for identifying the storage destinations of distributed data while suppressing the unauthorized acquisition of secret data.
 In one aspect, an information processing system includes M (M is an integer of 2 or more) storage devices.
 The information processing system further includes:
 generation means for generating, from secret data, N (N is an integer of 2 or more and M or less) pieces of distributed data according to a secret sharing scheme;
 storage means for selecting, from among a plurality of different device groups each associated with a different one of a plurality of time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C (C is an integer of N or more and M or less) storage devices selected from the M storage devices, and for storing the generated N pieces of distributed data in N storage devices included in the selected device group, one piece per device; and
 restoration means for executing a restoration process on one device group of the plurality of device groups, the restoration process including requesting the distributed data from each of at least some of the N storage devices included in that device group and restoring the secret data, according to the secret sharing scheme, from the provided data supplied in response to the requests, and, when the restoration fails, for executing the restoration process on a device group, of the plurality of device groups, associated with a time point earlier than the time point associated with the device group on which the failure occurred.
 In another aspect, an information processing apparatus is communicably connected to M (M is an integer of 2 or more) storage devices.
 The information processing apparatus further includes:
 generation means for generating, from secret data, N (N is an integer of 2 or more and M or less) pieces of distributed data according to a secret sharing scheme;
 storage means for selecting, from among a plurality of different device groups each associated with a different one of a plurality of time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C (C is an integer of N or more and M or less) storage devices selected from the M storage devices, and for storing the generated N pieces of distributed data in N storage devices included in the selected device group, one piece per device; and
 restoration means for executing a restoration process on one device group of the plurality of device groups, the restoration process including requesting the distributed data from each of at least some of the N storage devices included in that device group and restoring the secret data, according to the secret sharing scheme, from the provided data supplied in response to the requests, and, when the restoration fails, for executing the restoration process on a device group, of the plurality of device groups, associated with a time point earlier than the time point associated with the device group on which the failure occurred.
 In another aspect, an information processing method uses M (M is an integer of 2 or more) storage devices.
 The information processing method further includes:
 generating, from secret data, N (N is an integer of 2 or more and M or less) pieces of distributed data according to a secret sharing scheme;
 selecting, from among a plurality of different device groups each associated with a different one of a plurality of time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C (C is an integer of N or more and M or less) storage devices selected from the M storage devices, and storing the generated N pieces of distributed data in N storage devices included in the selected device group, one piece per device; and
 executing a restoration process on one device group of the plurality of device groups, the restoration process including requesting the distributed data from each of at least some of the N storage devices included in that device group and restoring the secret data, according to the secret sharing scheme, from the provided data supplied in response to the requests, and, when the restoration fails, executing the restoration process on a device group, of the plurality of device groups, associated with a time point earlier than the time point associated with the device group on which the failure occurred.
 In another aspect, a program causes an information processing apparatus communicably connected to M (M is an integer of 2 or more) storage devices to execute processing.
 The processing includes:
 generating, from secret data, N (N is an integer of 2 or more and M or less) pieces of distributed data according to a secret sharing scheme;
 selecting, from among a plurality of different device groups each associated with a different one of a plurality of time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C (C is an integer of N or more and M or less) storage devices selected from the M storage devices, and storing the generated N pieces of distributed data in N storage devices included in the selected device group, one piece per device; and
 executing a restoration process on one device group of the plurality of device groups, the restoration process including requesting the distributed data from each of at least some of the N storage devices included in that device group and restoring the secret data, according to the secret sharing scheme, from the provided data supplied in response to the requests, and, when the restoration fails, executing the restoration process on a device group, of the plurality of device groups, associated with a time point earlier than the time point associated with the device group on which the failure occurred.
 This makes it possible to reduce the processing load for identifying the storage destinations of the distributed data while suppressing the unauthorized acquisition of the secret data.
FIG. 1 is a block diagram showing the configuration of the information processing system of the first embodiment.
FIG. 2 is a block diagram showing the configuration of the information processing apparatus of FIG. 1.
FIG. 3 is a block diagram showing the functions by which the information processing apparatus of FIG. 1 operates as a user node.
FIG. 4 is a block diagram showing the functions by which the information processing apparatus of FIG. 1 operates as a storage node.
FIG. 5 is a flowchart showing the process that the information processing apparatus of FIG. 1 executes to store user data.
FIG. 6 is a flowchart showing the process that the information processing apparatus of FIG. 1 executes to restore user data.
FIG. 7 is a flowchart showing part of the process that the information processing apparatus of the second embodiment executes to store user data.
FIG. 8 is a flowchart showing part of the process that the information processing apparatus of the second embodiment executes to restore user data.
FIG. 9 is a block diagram showing the functions by which the information processing apparatus of the third embodiment operates as a storage node.
FIG. 10 is a flowchart showing the process that the information processing apparatus of the third embodiment executes to provide distributed data.
 Embodiments of the information processing system, information processing apparatus, information processing method and program of the present invention are described below with reference to FIGS. 1 to 10.
<First Embodiment>
(Configuration)
 As shown in FIG. 1, the information processing system 1 of the first embodiment includes P (P is an integer of 3 or more) information processing apparatuses 10-1, ..., 10-P that are communicably connected to each other via a communication network NW. In this example, the communication network NW is an IP (Internet Protocol) network. In the following, the information processing apparatus 10-p may be written simply as the information processing apparatus 10 when the apparatuses need not be distinguished; p represents each integer from 1 to P. In this example, the information processing system 1 communicates according to the P2P (Peer to Peer) scheme. The information processing apparatus 10-p may also be written as node 10-p.
 As shown in FIG. 2, the information processing apparatus 10-p includes a processing device 11, a storage device 12, a communication device 13, an input device 14 and an output device 15, which are connected to each other via a bus BU.
 The processing device 11 controls each element of the information processing apparatus 10-p by executing a program stored in the storage device 12, whereby the apparatus 10-p realizes the functions described later. In this example, the processing device 11 includes a CPU (Central Processing Unit); it may instead include an MPU (Micro Processing Unit) or a DSP (Digital Signal Processor).
 The storage device 12 stores information in a readable and writable manner. For example, the storage device 12 includes at least one of a RAM (Random Access Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), a semiconductor memory and an organic memory. The storage device 12 may also include a recording medium such as a flexible disk, an optical disk, a magneto-optical disk or a semiconductor memory, together with a reader capable of reading information from that medium.
 The communication device 13 communicates with other information processing apparatuses 10-q by wire or wirelessly, where q represents each integer from 1 to P other than p. In this example, the communication device 13 communicates with another apparatus 10-q by anonymous communication, in which at least one of the sender and the receiver is concealed. Anonymous communication may be realized, for example, with a technology such as Tor (The Onion Router) or I2P (The Invisible Internet Project).
 The communication device 13 may also use non-anonymous communication for at least part of its communication with other apparatuses 10-q. Non-anonymous communication is communication in which both the sender and the receiver are disclosed.
 The input device 14 inputs information from outside the information processing apparatus 10-p. In this example, the input device 14 includes a keyboard and a mouse; it may also include a microphone or a camera.
 The output device 15 outputs information to the outside of the information processing apparatus 10-p. In this example, the output device 15 includes a display; it may also include a speaker.
 The information processing apparatus 10-p may include a touch-panel display that serves as both the input device 14 and the output device 15.
(Functions)
 As shown in FIGS. 3 and 4, the information processing apparatus 10-p has functions for operating as a user node 100 and functions for operating as a storage node 200.
 In this example, the information processing apparatus 10-p operates in one state selected from a first state, a second state and a third state. In the first state, the apparatus 10-p operates as the user node 100 and does not operate as the storage node 200. In the second state, it operates as the storage node 200 and does not operate as the user node 100. In the third state, it operates as both the user node 100 and the storage node 200.
 An information processing apparatus 10-p operating as the user node 100 may be written as the user node 100, and one operating as the storage node 200 may be written as the storage node 200.
 At least some of the P information processing apparatuses 10-1, ..., 10-P may have only one of the user node 100 functions and the storage node 200 functions.
(Functions: user node)
 As shown in FIG. 3, the functions of the user node 100 include a user authentication reception unit 101, a user data storage request reception unit 102, a storage node list acquisition unit 103, a node group determination unit 104, a distributed data generation unit 105, a distributed data storage request transmission unit 106, a user data restoration request reception unit 107, a provided data acquisition unit 108 and a secret data restoration unit 109.
 In this example, the distributed data generation unit 105 constitutes the generation means. The user data storage request reception unit 102, the storage node list acquisition unit 103, the node group determination unit 104 and the distributed data storage request transmission unit 106 constitute the storage means. The storage node list acquisition unit 103, the node group determination unit 104, the user data restoration request reception unit 107, the provided data acquisition unit 108 and the secret data restoration unit 109 constitute the restoration means.
 The user authentication reception unit 101 receives user authentication information. In this example, it receives, as the user authentication information, the input information entered by the user of the information processing apparatus 10-p via the input device 14. In this example, the input information includes a user identifier (user ID) that identifies the user and a character string used as a password for authenticating the user.
 The user data storage request reception unit 102 receives a user data storage request entered by the user via the input device 14.
 A user data storage request entered by a user may be regarded as associated with the input information entered by that user. The user data storage request contains user data and indicates that storage of that user data is requested.
 The user data storage request reception unit 102 encrypts the user data contained in the received user data storage request. The unit 102 may alternatively leave the user data unencrypted.
 The storage node list acquisition unit 103 acquires a storage node list when a user data storage request has been accepted. The storage node list is information representing each of the storage nodes 200 among the P information processing apparatuses 10-1, ..., 10-P together with the rank assigned to each of those storage nodes 200. In other words, it represents each storage device 12 of the storage nodes 200 among the P apparatuses together with the rank assigned to each such storage device 12.
 In this example, the storage node list is information in which node identifiers (node IDs) identifying the storage nodes 200 are arranged in order of decreasing rank from the head of the list to its tail. In this example, the storage node list constitutes device rank information.
 As described later, a storage node list is generated each time a list generation time arrives; in other words, a list generation time is a time at which a storage node list is generated. In this example, the list generation times are predetermined in the information processing system 1, so the P information processing apparatuses 10-1, ..., 10-P share them. In this example, a list generation time arrives every time a predetermined change time (for example, 1 minute) has elapsed since a reference time (for example, 00:00:00 on January 1, 2015). The change time may vary.
 As described later, at least one storage node 200 holds a plurality of different storage node lists generated at a plurality of list generation times, each associated with the list generation time at which it was generated. For example, a storage node list contains time point information representing the list generation time at which it was generated.
 In this example, the storage node list is acquired as follows. When a user data storage request has been accepted, the storage node list acquisition unit 103 obtains the current time. It then selects one list generation time from among those list generation times, predetermined in the information processing system 1, that fall within a predetermined selection period. In this example, the selection period is the period between the obtained current time and a time a predetermined time (for example, 5 minutes) earlier.
 Specifically, the storage node list acquisition unit 103 selects at random one of the list generation times included in the selection period. In this example, the random selection uses pseudo-random numbers.
 The storage node list acquisition unit 103 sends a storage node list request containing time point information representing the selected list generation time to a storage node 200 that holds storage node lists. The storage node list request indicates that a storage node list is requested. The unit 103 then receives (acquires) the storage node list sent by that storage node 200 in response to the request. This completes the acquisition of the storage node list.
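The selection just described, as an added example that is not code from the patent: the candidate list generation times are the instants reference + k * change_time that fall inside the closed selection period ending at the current time, and one of them is picked at random. The reference time (00:00:00 on 2015-01-01), change time (1 minute) and selection period (5 minutes) are the description's example values and are assumptions of this code, as are the function names.

```python
from datetime import datetime, timedelta
import random

# Added example, not code from the patent. The reference time, change time and
# selection period below are the example values given in the description; they
# are assumptions of this example, not values fixed by the patent.
REFERENCE = datetime(2015, 1, 1, 0, 0, 0)
CHANGE_TIME = timedelta(minutes=1)
SELECTION_PERIOD = timedelta(minutes=5)


def list_generation_times(current, reference=REFERENCE, change_time=CHANGE_TIME,
                          selection_period=SELECTION_PERIOD):
    """List generation times reference + k * change_time (k >= 0) that lie in the
    closed selection period [current - selection_period, current], oldest first."""
    if current < reference:
        return []                                  # no list has been generated yet
    start = current - selection_period
    k = (current - reference) // change_time       # index of the newest time <= current
    times = []
    while k >= 0:
        tp = reference + k * change_time
        if tp < start:
            break                                  # older than the selection period
        times.append(tp)
        k -= 1
    times.reverse()
    return times


def select_list_time(current, rng=None, **kw):
    """Pick one candidate at random, as the storage node list acquisition unit does.
    `rng` defaults to the OS CSPRNG; pass random.Random(seed) for reproducible runs."""
    candidates = list_generation_times(current, **kw)
    if not candidates:
        raise ValueError("no list generation time inside the selection period")
    return (rng or random.SystemRandom()).choice(candidates)


def list_generation_times_iso(current_iso, **kw):
    """Same computation with ISO 8601 strings in and out (convenient for checks)."""
    current = datetime.fromisoformat(current_iso)
    return [tp.isoformat(sep=" ") for tp in list_generation_times(current, **kw)]


def select_list_time_iso(current_iso, **kw):
    """String front-end for select_list_time."""
    return select_list_time(datetime.fromisoformat(current_iso), **kw).isoformat(sep=" ")


if __name__ == "__main__":
    now = "2015-01-01 00:10:30"
    print("candidates:", list_generation_times_iso(now))
    print("selected:  ", select_list_time_iso(now))
```

With the current time 00:10:30 the selection period starts at 00:05:30, so the candidates are the five generation times 00:06 to 00:10; at exactly 00:10:00 the boundary time 00:05:00 is included as well, which is the behaviour a practitioner should check when the period is implemented as a closed interval.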
 The distributed data generation unit 105 generates, from the secret data that is the user data encrypted by the user data storage request reception unit 102, S pieces of distributed data according to the secret sharing scheme. S is an integer of 2 or more and M or less, where M is P-1 (M may alternatively be equal to P). The S pieces of distributed data generated from the user data constitute a first distributed data group. A piece of distributed data may also be called a share.
 In this example, the secret sharing scheme is Shamir's secret sharing scheme described in Non-Patent Document 1 below; a scheme other than Shamir's may be used instead. In this example, the secret sharing scheme applied to the user data allows the secret data to be restored from any t or more of the S shares and makes it impossible to restore the secret data from fewer than t of the S shares, where t is an integer of 2 or more and smaller than S.
 Non-Patent Document 1: A. Shamir, "How to share a secret", Communications of the ACM, Vol. 22, No. 11, pp. 612-613, 1979
 When a user data storage request has been accepted, the node group determination unit 104 determines, on the basis of the storage node list acquired by the storage node list acquisition unit 103, the node group for the first distributed data group generated from the user data. The node group for the first distributed data group consists of S storage nodes 200.
 In this example, the node group for the first distributed data group is determined as follows. The node group determination unit 104 selects S node IDs at random from the node IDs contained in the storage node list acquired by the storage node list acquisition unit 103 when the user data storage request was accepted, and determines the S storage nodes 200 identified by those node IDs as the node group for the first distributed data group.
 The distributed data storage request transmission unit 106 sends S first distributed data storage requests, one to each of the S storage nodes 200 in the node group determined by the node group determination unit 104 for the first distributed data group. The S requests respectively contain the S shares of the first distributed data group generated by the distributed data generation unit 105. Each first distributed data storage request further contains a first data identifier (first data ID) that identifies the share at the destination storage node 200, and indicates that the share is to be stored in that node's storage device 12.
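The (t, S) threshold scheme described above, the random choice of S nodes from the list of one generation time, and the fallback to an earlier time point on failed restoration that the summary aspects describe, brought together in one added example that is not the patent's code. Shamir's scheme is implemented over the prime field of 2^127 - 1 (an assumption; any sufficiently large prime works), node IDs, data IDs and the per-minute lists are constructed for the example, list generation times are represented as integer minute indices, and "restoration fails" is taken to mean that the group returned fewer than t shares for the requested data ID.

```python
import random
import secrets

# Added example, not the patent's code: Shamir (t, S) secret sharing over a prime
# field, plus a simulation of the save/restore cycle in which the storage node
# list changes at every list generation time and restoration falls back to the
# list of an earlier time when the current one yields fewer than t shares.
# Node IDs, data IDs and list contents are constructed; times are minute indices.

P_FIELD = (1 << 127) - 1   # Mersenne prime; secrets are integers in [0, P_FIELD)


def shamir_split(secret, t, s, rng=None):
    """Split `secret` into s shares (x, y) of a random degree-(t-1) polynomial."""
    rng = rng or secrets.SystemRandom()
    if not (0 <= secret < P_FIELD and 2 <= t <= s):
        raise ValueError("need 0 <= secret < P_FIELD and 2 <= t <= s")
    coeffs = [secret] + [rng.randrange(1, P_FIELD) for _ in range(t - 1)]
    shares = []
    for x in range(1, s + 1):
        y = 0
        for c in reversed(coeffs):             # Horner evaluation at x
            y = (y * x + c) % P_FIELD
        shares.append((x, y))
    return shares


def shamir_recover(shares):
    """Lagrange interpolation at x = 0; correct only with at least t distinct shares."""
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P_FIELD
                den = den * (xi - xj) % P_FIELD
        secret = (secret + yi * num * pow(den, P_FIELD - 2, P_FIELD)) % P_FIELD
    return secret


class StorageNode:
    """Simulated storage node 200: keeps one share per first data ID."""
    def __init__(self):
        self.shares = {}

    def store(self, data_id, share):
        self.shares[data_id] = share

    def provide(self, data_id):
        return self.shares.get(data_id)        # None if this node never got a share


class Simulation:
    def __init__(self, node_lists, t, s, rng=None):
        # node_lists: {list_generation_time: [node_id, ...]}; each list is one
        # device group, associated with the time at which it was generated.
        self.node_lists = node_lists
        self.nodes = {nid: StorageNode() for ids in node_lists.values() for nid in ids}
        self.t, self.s = t, s
        self.rng = rng or secrets.SystemRandom()

    def save(self, data_id, secret, list_time):
        """Pick S nodes at random from the list of list_time, one share each."""
        group = self.rng.sample(self.node_lists[list_time], self.s)
        for node_id, share in zip(group, shamir_split(secret, self.t, self.s, self.rng)):
            self.nodes[node_id].store(data_id, share)
        return group

    def restore(self, data_id, current_time, window):
        """Newest list in [current_time - window, current_time] first; a group that
        returns fewer than t shares is a failed restoration, so fall back to the
        group of the previous generation time. Returns (secret, time) or (None, None)."""
        for list_time in sorted(self.node_lists, reverse=True):
            if not current_time - window <= list_time <= current_time:
                continue
            provided = (self.nodes[n].provide(data_id) for n in self.node_lists[list_time])
            shares = [sh for sh in provided if sh is not None]
            if len(shares) >= self.t:
                return shamir_recover(shares[:self.t]), list_time
        return None, None


def demo(seed=7):
    """Lists for minutes 0, 1, 2 overlap only partially, as nodes join and leave."""
    lists = {0: ["n1", "n2", "n3", "n4"], 1: ["n3", "n4", "n5", "n6"],
             2: ["n5", "n6", "n7", "n8"]}
    sim = Simulation(lists, t=2, s=3, rng=random.Random(seed))
    secret = int.from_bytes(b"metadata-blob", "big")   # constructed secret
    sim.save("d1", secret, list_time=0)
    return secret, sim.restore("d1", current_time=2, window=2), sim.restore("d1", 2, 0)
```

In `demo`, the shares were stored under the list of minute 0; a restoration at minute 2 first asks the minute-2 group (no shares), then the minute-1 group (succeeds only if two of the chosen nodes survived into that list), and finally the minute-0 group, so the secret is recovered in every run. With a zero-width window only the newest group is tried and the restoration fails, which is the case a deployment has to size its selection period against.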
 更に、ノード群決定部104は、分散データ保存要求送信部106により第1分散データ保存要求が送信された場合、メタデータを生成する。メタデータは、ユーザデータから生成されたS個の分散データがそれぞれ保存されたS個の保存ノード200(換言すると、保存先)を表す情報を含む。本例では、メタデータは、更に、暗号化されたユーザデータを復号するために用いられる情報と、第1データIDと、を含む。 Furthermore, the node group determination unit 104 generates metadata when the first distributed data storage request is transmitted by the distributed data storage request transmission unit 106. The metadata includes information representing S storage nodes 200 (in other words, storage destinations) in which S pieces of distributed data generated from user data are stored. In this example, the metadata further includes information used for decrypting the encrypted user data and a first data ID.
 ノード群決定部104は、生成されたメタデータを暗号化する。具体的には、ノード群決定部104は、メタデータの基となったユーザデータ保存要求と関連付けられた入力情報の、所定のハッシュ関数に対するハッシュ値を取得し、取得されたハッシュ値を用いてメタデータを所定の暗号化方式に従って暗号化する。例えば、ハッシュ関数は、MD5、SHA-0、SHA-1、SHA-2、又は、SHA-3と呼ばれるハッシュ関数である。例えば、暗号化方式は、3-key Triple DES、AES、又は、Camellia等の共通鍵暗号方式である。DESは、Data Encryption Algorithmの略記である。AESは、Advanced Encryption Standardの略記である。なお、ノード群決定部104は、メタデータを暗号化しなくてもよい。 The node group determination unit 104 encrypts the generated metadata. Specifically, the node group determination unit 104 acquires a hash value for a predetermined hash function of the input information associated with the user data storage request that is the basis of the metadata, and uses the acquired hash value The metadata is encrypted according to a predetermined encryption method. For example, the hash function is a hash function called MD5, SHA-0, SHA-1, SHA-2, or SHA-3. For example, the encryption method is a common key encryption method such as 3-key Triple DES, AES, or Camellia. DES is an abbreviation for Data Encryption Algorithm. AES is an abbreviation for Advanced Encryption Standard. Note that the node group determination unit 104 may not encrypt the metadata.
 分散データ生成部105は、ノード群決定部104により暗号化されたメタデータである秘密データから、秘密分散法に従って、N個の分散データを生成する。Nは、2以上且つM以下の整数を表す。Nは、Sと等しい値を表してもよいし、Sと異なる値を表してもよい。メタデータから生成されたN個の分散データは、第2分散データ群を構成する。 The distributed data generation unit 105 generates N pieces of distributed data from the secret data that is the metadata encrypted by the node group determination unit 104 according to the secret sharing method. N represents an integer of 2 or more and M or less. N may represent a value equal to S or a value different from S. N pieces of distributed data generated from the metadata constitute a second distributed data group.
 本例では、メタデータに対する秘密分散法は、N個の分散データのうちの、k以上の数の分散データから秘密データを復元可能であり、N個の分散データのうちの、kよりも少ない数の分散データから秘密データを復元不能である。kは、2以上且つNよりも小さい整数を表す。 In this example, the secret sharing method for metadata can restore secret data from k or more pieces of distributed data among N pieces of distributed data, and is less than k of N pieces of distributed data. Unable to recover secret data from a number of distributed data. k represents an integer of 2 or more and smaller than N.
The node group determination unit 104 determines the node group for the second distributed data group generated from the metadata, based on the storage node list acquired by the storage node list acquisition unit 103 when the user data storage request was accepted. The node group for the second distributed data group consists of N storage nodes 200.
In this example, the node group for the second distributed data group is determined as follows. The node group determination unit 104 selects N node IDs from the node IDs included in the storage node list, based on the storage node list acquired by the storage node list acquisition unit 103 when the user data storage request was accepted, a predetermined information-rank relationship between input information and N different ranks, and the input information associated with that user data storage request.
Specifically, the node group determination unit 104 obtains N different ranks based on the input information associated with the user data storage request and the information-rank relationship, and selects, from the node IDs included in the storage node list, the N node IDs that respectively correspond to the N obtained ranks.
In this example, the information-rank relationship defines the n-th of the N ranks as equal to 1 plus the remainder obtained by dividing, by the number of storage nodes 200 included in the storage node list, the hash value, under a predetermined hash function whose hash values are integers, of the information formed by appending information representing n to the input information. n represents each integer from 1 to N.
In addition, the node group determination unit 104 determines the node group consisting of the N storage nodes 200 respectively identified by the selected N node IDs as the node group for the second distributed data group. The node group for the second distributed data group is thereby determined.
In this example, the node group corresponds to the device group consisting of the N storage devices 12 of the N storage nodes 200 included in that node group.
In this example, the node group for the second distributed data group determined by the node group determination unit 104 does not change as long as the storage node list and the input information do not change. Accordingly, selecting the storage node list corresponds to selecting the node group for the second distributed data group.
In this example, the storage node list used to determine the node group for the second distributed data group is the storage node list associated with the list generation time point indicated by the time point information included in the storage node list request. Accordingly, in this example, selecting the list generation time point indicated by the time point information included in the storage node list request corresponds to selecting the node group for the second distributed data group.
The distributed data storage request transmission unit 106 transmits N second distributed data storage requests, one to each of the N storage nodes 200 included in the node group for the second distributed data group determined by the node group determination unit 104 when the user data storage request was accepted.
The N second distributed data storage requests each include one of the N pieces of distributed data that constitute the second distributed data group generated by the distributed data generation unit 105. Furthermore, each second distributed data storage request includes a second data identifier (in other words, a second data ID) that identifies the distributed data at the destination storage node 200, and indicates a request to store the distributed data in the storage device 12. In this example, the second data ID is the user ID included in the input information associated with the user data storage request on which the second distributed data group is based.
The user data restoration request acceptance unit 107 accepts a user data restoration request input by the user via the input device 14.
A user data restoration request input by the user may be regarded as being associated with the input information input by the user. The user data restoration request indicates a request to restore the user data.
When a user data restoration request has been accepted, the storage node list acquisition unit 103 acquires a storage node list. In this example, the storage node list is acquired as follows. When a user data restoration request has been accepted, the storage node list acquisition unit 103 obtains the current time point. The storage node list acquisition unit 103 then selects, from among the list generation time points predetermined in the information processing system 1, the list generation time point closest to the obtained current time point.
The storage node list acquisition unit 103 transmits a storage node list request including time point information representing the selected list generation time point to a storage node 200 that holds the storage node list. The storage node list acquisition unit 103 receives (in other words, acquires) the storage node list transmitted by that storage node 200 in response to the storage node list request. The storage node list is thereby acquired.
The node group determination unit 104 determines the node group for the second distributed data group generated from the metadata, based on the storage node list acquired by the storage node list acquisition unit 103 when the user data restoration request was accepted. The node group for the second distributed data group consists of N storage nodes 200.
In this example, the node group for the second distributed data group is determined as follows, in the same manner as when a user data storage request was accepted. The node group determination unit 104 selects N node IDs from the node IDs included in the storage node list, based on the storage node list acquired by the storage node list acquisition unit 103 when the user data restoration request was accepted, the above information-rank relationship, and the input information associated with that user data restoration request.
In addition, the node group determination unit 104 determines the node group consisting of the N storage nodes 200 respectively identified by the selected N node IDs as the node group for the second distributed data group. The node group for the second distributed data group is thereby determined.
The provided data acquisition unit 108 transmits N second distributed data provision requests, one to each of the N storage nodes 200 included in the node group for the second distributed data group determined by the node group determination unit 104 when the user data restoration request was accepted. Each second distributed data provision request includes, as the second data ID, the user ID included in the input information associated with that user data restoration request, and indicates a request to provide the distributed data stored in the storage device 12.
Note that the provided data acquisition unit 108 may instead transmit v second distributed data provision requests to only v of the N storage nodes 200 included in the node group for the second distributed data group determined by the node group determination unit 104 when the user data restoration request was accepted. v represents an integer smaller than N and greater than or equal to k.
The provided data acquisition unit 108 receives the provided data transmitted (in other words, provided) by the storage nodes 200 in response to the transmitted second distributed data provision requests. The provided data received in response to the second distributed data provision requests constitute the second provided data group. The provided data acquisition unit 108 thereby acquires the second provided data group. Note that a storage node 200 may transmit no provided data in response to a second distributed data provision request. Accordingly, the number of pieces of provided data constituting the second provided data group may be smaller than N. In addition, a storage node 200 may transmit predetermined dummy data in response to a second distributed data provision request. Accordingly, the second provided data group may include data different from the distributed data constituting the second distributed data group.
The secret data restoration unit 109 restores the secret data, according to the secret sharing method, from the distributed data that are the provided data constituting the second provided data group acquired by the provided data acquisition unit 108.
When restoration of the secret data from the second provided data group by the secret data restoration unit 109 fails, the storage node list acquisition unit 103 acquires a storage node list again. In this example, the storage node list is acquired as follows. When restoration of the secret data from the second provided data group fails, the storage node list acquisition unit 103 obtains the list generation time point that is earlier, by the above change time, than the list generation time point associated with the storage node list on which the failed attempt was based (in other words, the time point at which that storage node list was generated).
The storage node list acquisition unit 103 then transmits a storage node list request including time point information representing the obtained list generation time point to a storage node 200 that holds the storage node list. The storage node list acquisition unit 103 receives (in other words, acquires) the storage node list transmitted by that storage node 200 in response to the storage node list request. The storage node list is thereby acquired.
The node group determination unit 104 determines the node group for the second distributed data group generated from the metadata, based on the storage node list acquired by the storage node list acquisition unit 103 when restoration of the secret data from the second provided data group failed. In this example, the node group for the second distributed data group is determined in the same manner as when a user data storage request was accepted, as described above.
The provided data acquisition unit 108 transmits N second distributed data provision requests, one to each of the N storage nodes 200 included in the node group for the second distributed data group determined by the node group determination unit 104 when restoration of the secret data from the second provided data group failed. The provided data acquisition unit 108 receives the provided data transmitted (in other words, provided) by the storage nodes 200 in response to the transmitted second distributed data provision requests.
When restoration of the secret data from the second provided data group succeeds, the secret data restoration unit 109 obtains the hash value, under the hash function used to encrypt the metadata, of the input information associated with the user data restoration request. Furthermore, the secret data restoration unit 109 decrypts the metadata, which is the restored secret data, using the obtained hash value according to the decryption method corresponding to the above encryption method.
When restoration of the secret data from the second provided data group succeeds, the provided data acquisition unit 108 transmits S first distributed data provision requests, one to each of the S storage nodes 200 represented by the metadata decrypted by the secret data restoration unit 109, that is, the nodes in which the S pieces of distributed data generated from the user data are respectively stored. Each first distributed data provision request includes the first data ID represented by the metadata decrypted by the secret data restoration unit 109, and indicates a request to provide the distributed data stored in the storage device 12.
Note that the provided data acquisition unit 108 may instead transmit u first distributed data provision requests to only u of the S storage nodes 200, represented by the decrypted metadata, in which the S pieces of distributed data generated from the user data are respectively stored. u represents an integer smaller than S and greater than or equal to t.
The provided data acquisition unit 108 receives the provided data transmitted (in other words, provided) by the storage nodes 200 in response to the transmitted first distributed data provision requests. The provided data received in response to the first distributed data provision requests constitute the first provided data group. The provided data acquisition unit 108 thereby acquires the first provided data group. Note that a storage node 200 may transmit no provided data in response to a first distributed data provision request. Accordingly, the number of pieces of provided data constituting the first provided data group may be smaller than S. In addition, a storage node 200 may transmit predetermined dummy data in response to a first distributed data provision request. Accordingly, the first provided data group may include data different from the distributed data constituting the first distributed data group.
The secret data restoration unit 109 restores the secret data, according to the secret sharing method, from the distributed data that are the provided data constituting the first provided data group acquired by the provided data acquisition unit 108. When restoration of the secret data from the first provided data group succeeds, the secret data restoration unit 109 decrypts the user data, which is the restored secret data, based on the information, represented by the decrypted metadata, that is used to decrypt the encrypted user data.
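The storage flow (random S-node group for the user data, metadata encrypted under a hash of the input information, N metadata shares placed by the information-rank relationship, user ID as second data ID) and the restoration flow (nearest list generation time, silent nodes, retry with the list one change time earlier, then the first distributed data group) are modelled end to end below. This is an added example, not code from the patent or from the applicant: a byte-wise Shamir (k, n) scheme over GF(257) stands in for "the secret sharing method", SHA-256 stands in for the hash function, and a SHA-256 keystream with an HMAC tag stands in for the common-key cipher so that a wrong key or a foreign share makes the restoration fail detectably rather than silently. The storage node list is modelled as an ordered list in which rank r selects the r-th node ID, rank collisions are resolved by advancing to the next unused rank, and the node IDs, times, keys and user data are all constructed; none of these details are on the page.

```python
import hashlib, hmac, json, secrets
from typing import Dict, List, Optional, Tuple

P = 257  # prime field for byte-wise Shamir sharing (toy parameter chosen for this example)
Share = Tuple[int, List[int]]        # (x, one y value per secret byte)
Nodes = Dict[str, Dict[str, Share]]  # node ID -> {data ID: held share}; stands in for storage device 12

def _ev(coeffs: List[int], x: int) -> int:
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_secret(secret: bytes, n: int, k: int) -> List[Share]:
    """(k, n) threshold sharing: one random degree-(k-1) polynomial per secret byte."""
    polys = [[b] + [secrets.randbelow(P) for _ in range(k - 1)] for b in secret]
    return [(x, [_ev(c, x) for c in polys]) for x in range(1, n + 1)]

def recover_secret(shares: List[Share], k: int) -> bytes:
    """Lagrange interpolation at x = 0 from k shares; fewer than k is a restoration failure."""
    if len(shares) < k:
        raise ValueError("fewer than k shares provided")
    sh, out = shares[:k], bytearray()
    for j in range(len(sh[0][1])):
        total = 0
        for i, (xi, ys) in enumerate(sh):
            num = den = 1
            for m, (xm, _) in enumerate(sh):
                if m != i:
                    num, den = num * -xm % P, den * (xi - xm) % P
            total = (total + ys[j] * num * pow(den, P - 2, P)) % P
        if total > 255:
            raise ValueError("inconsistent shares")  # a dummy or foreign share was mixed in
        out.append(total)
    return bytes(out)

def _keystream(key: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def seal(key: bytes, msg: bytes) -> bytes:
    """Stand-in for the page's common-key cipher: keystream XOR plus an HMAC tag, so a wrong key fails detectably."""
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, len(msg))))
    return ct + hmac.new(key, ct, "sha256").digest()

def open_sealed(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
        raise ValueError("decryption failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def node_group_for_metadata(node_list: List[str], input_info: bytes, n_nodes: int) -> List[str]:
    """Information-rank relationship: n-th rank = SHA-256(input_info || n) mod |list| + 1; rank r picks the r-th ID.
    Advancing to the next unused rank on a collision is an assumption of this example, not the page's rule."""
    chosen: List[str] = []
    for n in range(1, n_nodes + 1):
        h = int.from_bytes(hashlib.sha256(input_info + str(n).encode()).digest(), "big")
        rank = h % len(node_list) + 1
        while node_list[rank - 1] in chosen:
            rank = rank % len(node_list) + 1
        chosen.append(node_list[rank - 1])
    return chosen

def save_user_data(nodes: Nodes, node_list: List[str], user_id: str, secret_input: str,
                   data: bytes, S: int, t: int, N: int, k: int) -> None:
    input_info = f"{user_id}:{secret_input}".encode()
    data_key = secrets.token_bytes(32)                         # "information used to decrypt the user data"
    first_id = secrets.token_hex(8)                            # first data ID
    first_nodes = secrets.SystemRandom().sample(node_list, S)  # random S-node group for the user data
    for nid, share in zip(first_nodes, split_secret(seal(data_key, data), S, t)):
        nodes[nid][first_id] = share
    meta = json.dumps({"nodes": first_nodes, "first_id": first_id, "key": data_key.hex()}).encode()
    enc_meta = seal(hashlib.sha256(input_info).digest(), meta)  # metadata key = hash of the input information
    for nid, share in zip(node_group_for_metadata(node_list, input_info, N), split_secret(enc_meta, N, k)):
        nodes[nid][user_id] = share                            # second data ID is the user ID

def restore_user_data(nodes: Nodes, lists_by_time: Dict[int, List[str]], now: int, change_time: int,
                      user_id: str, secret_input: str, N: int, k: int, t: int) -> Tuple[Optional[bytes], List[int]]:
    """Returns (user data or None, list generation time points tried in order)."""
    input_info = f"{user_id}:{secret_input}".encode()
    ts = min(lists_by_time, key=lambda gen: abs(gen - now))    # list generation time closest to now
    tried: List[int] = []
    while ts in lists_by_time:
        tried.append(ts)
        group = node_group_for_metadata(lists_by_time[ts], input_info, N)
        provided = [nodes[nid][user_id] for nid in group if user_id in nodes[nid]]  # silent nodes send nothing
        try:
            meta = json.loads(open_sealed(hashlib.sha256(input_info).digest(), recover_secret(provided, k)))
            break
        except ValueError:
            ts -= change_time                                  # retry with the list generated one change time earlier
    else:
        return None, tried
    first = [nodes[nid][meta["first_id"]] for nid in meta["nodes"] if meta["first_id"] in nodes[nid]]
    return open_sealed(bytes.fromhex(meta["key"]), recover_secret(first, t)), tried

def run_demo() -> Tuple[bool, List[int]]:
    """Constructed scenario: saved under the list of time 100; at time 230 the current list (time 200)
    consists of different nodes, so the first attempt fails and the retry falls back to the older list."""
    old_list = [f"node{i:02d}" for i in range(12)]
    new_list = [f"node{i:02d}" for i in range(12, 24)]
    nodes: Nodes = {nid: {} for nid in old_list + new_list}
    save_user_data(nodes, old_list, "alice", "correct horse", b"constructed user data", S=5, t=3, N=5, k=3)
    data, tried = restore_user_data(nodes, {100: old_list, 200: new_list}, now=230, change_time=100,
                                    user_id="alice", secret_input="correct horse", N=5, k=3, t=3)
    return data == b"constructed user data", tried
```

The authenticated tag on the metadata is what turns "restoration failed" into a testable condition: without it, interpolating over a dummy share or decrypting with the wrong hash would yield plausible-looking garbage, and the fallback to the previous list generation time would never trigger.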
(Function: storage node)
As shown in FIG. 4, the functions of the storage node 200 include a storage request processing unit 201, a distributed data storage unit 202, a provision request processing unit 203, an operation notification processing unit 204, an operation notification storage unit 205, a storage node list generation unit 206, a storage node list storage unit 207, and a storage node list request processing unit 208.
The storage request processing unit 201 receives a first distributed data storage request or a second distributed data storage request from the user node 100.
When a first distributed data storage request is received, the storage request processing unit 201 causes the distributed data storage unit 202 to store the first data ID and the distributed data included in that first distributed data storage request in association with each other. The distributed data storage unit 202 thereby holds the distributed data in association with the first data ID.
Similarly, when a second distributed data storage request is received, the storage request processing unit 201 causes the distributed data storage unit 202 to store the second data ID and the distributed data included in that second distributed data storage request in association with each other. The distributed data storage unit 202 thereby holds the distributed data in association with the second data ID.
The provision request processing unit 203 receives a first distributed data provision request or a second distributed data provision request from the user node 100.
When a first distributed data provision request is received, the provision request processing unit 203 transmits the distributed data held in the distributed data storage unit 202 in association with the first data ID included in that request to the user node 100 that is the sender of the request.
When a first distributed data provision request is received but no distributed data associated with the first data ID included in that request is held in the distributed data storage unit 202, the provision request processing unit 203 transmits no data to the user node 100 that is the sender of the request. In this case, the provision request processing unit 203 may transmit, to the user node 100 that is the sender of the request, a notification indicating that the distributed data corresponding to the first distributed data provision request is not held. Alternatively, in this case, the provision request processing unit 203 may transmit predetermined dummy data to the user node 100 that is the sender of the request.
Similarly, when a second distributed data provision request is received, the provision request processing unit 203 transmits the distributed data held in the distributed data storage unit 202 in association with the second data ID included in that request to the user node 100 that is the sender of the request.
When a second distributed data provision request is received but no distributed data associated with the second data ID included in that request is held in the distributed data storage unit 202, the provision request processing unit 203 transmits no data to the user node 100 that is the sender of the request. In this case, the provision request processing unit 203 may transmit, to the user node 100 that is the sender of the request, a notification indicating that the distributed data corresponding to the second distributed data provision request is not held. Alternatively, in this case, the provision request processing unit 203 may transmit predetermined dummy data to the user node 100 that is the sender of the request.
Once the information processing device 10-p has started operating as a storage node 200, the operation notification processing unit 204 transmits an operation notification to each of the other information processing devices 10-q every time a predetermined notification period elapses, and causes the operation notification storage unit 205 to store the operation notification in association with the time point at which it was transmitted. The information processing system 1 sets each of at least one storage node 200 as a list generation node. Each list generation node generates a storage node list candidate, which is a candidate for the storage node list.
In this example, a storage node list candidate includes the electronic signature of the list generation node that generated it. Each list generation node transmits the generated storage node list candidate to each of the other information processing devices 10-q.
Each information processing device 10-q that receives a storage node list candidate verifies whether the candidate is authentic. For example, whether a storage node list candidate is authentic may be verified by means of the electronic signature included in the candidate. Each information processing device 10-q that receives a storage node list candidate approves the candidate when it is authentic.
Based on the results of the approvals, the information processing system 1 selects one storage node list candidate, from among the storage node list candidates generated at a list generation time point, as the storage node list. For example, the information processing system 1 may select as the storage node list the candidate for which the number of information processing devices 10 that have approved it as authentic is the earliest to reach a majority of the total number of information processing devices 10 in the information processing system 1. The list generation node that generates the storage node list selected by the information processing system 1 may change each time a list generation time point passes.
The storage node list is shared among the storage nodes 200 by being transmitted and received between the information processing devices 10. For example, a storage node 200 that receives the storage node list holds it. Note that a storage node 200 need not hold the storage node list.
In this example, the storage node list includes time point information representing the list generation time point at which it was generated. A storage node list including time point information representing the list generation time point at which it was generated is one example of the storage node list being associated with that list generation time point.
 動作通知は、情報処理装置10-pを識別するノードIDを含むとともに、情報処理装置10-pが保存ノード200として動作していることを表す。動作通知は、情報処理装置10-pが保存ノード200としての動作を開始した時点を表す時点情報を含んでいてもよい。また、動作通知は、情報処理装置10-pの電子署名を含んでいてもよい。 The operation notification includes a node ID for identifying the information processing apparatus 10-p and represents that the information processing apparatus 10-p is operating as the storage node 200. The operation notification may include time point information indicating the time point when the information processing apparatus 10-p starts the operation as the storage node 200. The operation notification may include an electronic signature of the information processing apparatus 10-p.
When the information processing apparatus 10-p is set as a list generation node, the operation notification processing unit 204 receives the operation notifications transmitted by the other information processing apparatuses 10-q and stores each received notification in the operation notification storage unit 205 in association with the time at which it was received. The operation notification storage unit 205 thus holds each operation notification together with its reception time.
The operation notification storage unit 205 deletes from the held operation notifications (in other words, stops holding) any notification whose associated time is at or before the time one notification cycle earlier than the current time.
Note that the operation notifications held in the operation notification storage unit 205 of a storage node 200 may be shared with at least one other storage node 200. At least one of the sharing of operation notifications, the generation of storage node list candidates, and the sharing of the storage node list may be realized using the technique called a blockchain described in Non-Patent Document 2 below. The selection of a storage node list from the candidates at each list generation time may be realized using the technique called proof of work described in Non-Patent Document 2. When operation notifications are shared by a plurality of storage nodes 200, the destination of an operation notification transmitted by the operation notification processing unit 204 may be selected from among the storage nodes 200 that share the notifications.
Non-Patent Document 2: Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", Bitcoin, [online], 2008, [retrieved October 2, 2015], Internet <URL: https://bitcoin.org/bitcoin.pdf>
When the information processing apparatus 10-p is set as a list generation node, the storage node list generation unit 206 generates a storage node list candidate from the operation notifications held in the operation notification storage unit 205 each time a list generation time arrives.
When the information processing apparatus 10-p operates as a storage node 200, the storage node list storage unit 207 stores the selected storage node list each time one is selected. As described above, in this example the storage node list includes time point information indicating its list generation time. If the storage node list does not include time point information, the storage node list storage unit 207 may store the list in association with the list generation time at which it was generated.
In this example, storage node list candidates are generated as follows, so that candidates generated at different list generation times differ from one another.
The storage node list generation unit 206 assigns a randomly determined rank to each storage node 200 identified by a node ID contained in the operation notifications held in the operation notification storage unit 205; in this example the random determination uses pseudo-random numbers. The storage node list generation unit 206 then generates, as the storage node list candidate, the node IDs from the held operation notifications arranged from head to tail in order of decreasing rank. The storage node list candidate is generated in this way.
In this example, the destination of the storage node list request transmitted by the storage node list acquisition unit 103 may be selected from among the plurality of storage nodes 200 that share the storage node list.
The storage node list request processing unit 208 receives storage node list requests from the user node 100. When a storage node list request is received, the storage node list request processing unit 208 transmits, to the user node 100 that sent the request, the storage node list held in the storage node list storage unit 207 that includes the time point information contained in the request.
(Operation)
Next, the operation of the information processing system 1 is described.
In this example, it is assumed that the information processing apparatus 10-1 operates in the first state and the information processing apparatuses 10-2, ..., 10-P operate in the second state; in other words, that the apparatus 10-1 operates as the user node 100 and the apparatuses 10-2, ..., 10-P operate as storage nodes 200. It is further assumed that each storage node 200 is set as a list generation node.
In the following description of the operation, the information processing apparatus 10-1 may be referred to as the user node 10-1. Likewise, the information processing apparatuses 10-2, ..., 10-P may be referred to as the storage nodes 10-2, ..., 10-P, or as the list generation nodes 10-2, ..., 10-P.
Each of the storage nodes 10-2, ..., 10-P transmits an operation notification to each of the other information processing apparatuses 10-q every time the notification cycle elapses, and stores the transmitted notification in its storage device 12 in association with the transmission time.
Each storage node 200 receives the operation notifications transmitted by the storage nodes 10-2, ..., 10-P and stores each received notification in its storage device 12 in association with the reception time.
Each of the list generation nodes 10-2, ..., 10-P generates a storage node list candidate from its held operation notifications each time a list generation time arrives, and transmits the generated candidate to each of the other information processing apparatuses 10-q. The information processing system 1 selects one of the candidates as the storage node list, and each storage node 200 stores the selected storage node list in its storage device 12.
The user node 10-1 executes the processing shown in the flowchart of FIG. 5 as follows.
The user node 10-1 accepts input information as user authentication information (step S101 in FIG. 5).
The user node 10-1 then waits until a user data storage request is accepted ("No" route of step S102 in FIG. 5).
When the user of the user node 10-1 enters a user data storage request, the user node 10-1 accepts it. It therefore determines "Yes" and selects a list generation time (step S103 in FIG. 5).
In this example, the user node 10-1 obtains the current time and randomly selects one list generation time from among the at least one list generation time that falls within the selection period, out of the list generation times predetermined in the information processing system 1. As described above, the selection period is the period between the obtained current time and the time a predetermined interval (for example, 5 minutes) before it.
The user node 10-1 then transmits a storage node list request containing time point information for the selected list generation time to each of at least one storage node 200 (step S104 in FIG. 5), and waits until a storage node list is received from a storage node 200 ("No" route of step S105 in FIG. 5).
Meanwhile, the storage node 200 receives the storage node list request from the user node 10-1 and transmits to the user node 10-1 the held storage node list that includes the time point information contained in the request.
The user node 10-1 thus receives at least one storage node list from the storage nodes 200. By verifying whether each received storage node list is authentic, the user node 10-1 selects a list that is neither fraudulent nor tampered with and holds the selected list. It therefore determines "Yes" and generates a first distributed data group for the user data contained in the accepted user data storage request (step S106 in FIG. 5).
In this example, the user node 10-1 encrypts the user data contained in the accepted user data storage request and, taking the encrypted user data as the secret data, generates a first distributed data group consisting of S pieces of distributed data according to the secret sharing method.
The user node 10-1 then determines, based on the storage node list, a node group for the generated first distributed data group (step S107 in FIG. 5).
In this example, the user node 10-1 randomly selects S node IDs from those contained in the storage node list and determines the S storage nodes 200 identified by the selected node IDs as the node group for the first distributed data group.
The user node 10-1 then transmits S first distributed data storage requests, one to each of the S storage nodes 200 in the node group determined for the first distributed data group (step S108 in FIG. 5). Each of the S requests contains one of the S pieces of distributed data that constitute the generated first distributed data group, together with a first data ID that identifies the distributed data at the destination storage node 200.
Each of the S storage nodes 200 in the node group for the first distributed data group receives its first distributed data storage request from the user node 10-1 and stores the contained distributed data and first data ID in its storage device 12 in association with each other.
The user node 10-1 then generates metadata (step S109 in FIG. 5). The metadata contains information representing the S storage nodes 200 in which the S pieces of distributed data of the first distributed data group are stored, the information used to decrypt the encrypted user data, and the first data ID.
Next, the user node 10-1 generates a second distributed data group for the generated metadata (step S110 in FIG. 5).
In this example, the user node 10-1 computes the hash value of the input information accepted in step S101 of FIG. 5 under the hash function described above and encrypts the metadata with that hash value according to the encryption scheme described above. Taking the encrypted metadata as the secret data, the user node 10-1 then generates a second distributed data group consisting of N pieces of distributed data according to the secret sharing method.
The user node 10-1 then determines, based on the storage node list, a node group for the generated second distributed data group (step S111 in FIG. 5).
In this example, the user node 10-1 selects N node IDs from those contained in the storage node list on the basis of the storage node list held in step S105 of FIG. 5, the information ranking relationship described above, and the input information accepted in step S101 of FIG. 5, and determines the N storage nodes 200 identified by the selected node IDs as the node group for the second distributed data group.
The user node 10-1 then transmits N second distributed data storage requests, one to each of the N storage nodes 200 in the node group determined for the second distributed data group (step S112 in FIG. 5).
Each of the N requests contains one of the N pieces of distributed data that constitute the generated second distributed data group, together with a second data ID that identifies the distributed data at the destination storage node 200.
Each of the N storage nodes 200 in the node group for the second distributed data group receives its second distributed data storage request from the user node 10-1 and stores the contained distributed data and second data ID in its storage device 12 in association with each other.
The user node 10-1 then ends the processing of FIG. 5.
The user node 10-1 subsequently executes the processing shown in the flowchart of FIG. 6 as follows.
As in step S101 of FIG. 5, the user node 10-1 accepts input information as user authentication information (step S201 in FIG. 6).
The user node 10-1 then waits until a user data restoration request is accepted ("No" route of step S202 in FIG. 6).
When the user of the user node 10-1 enters a user data restoration request, the user node 10-1 accepts it. It therefore determines "Yes" and selects a list generation time (step S203 in FIG. 6).
In this example, the user node 10-1 obtains the current time and selects, from the list generation times predetermined in the information processing system 1, the one closest to the obtained current time.
The user node 10-1 then transmits a storage node list request containing time point information for the selected list generation time to each of at least one storage node 200 (step S204 in FIG. 6), and waits until a storage node list is received from a storage node 200 ("No" route of step S205 in FIG. 6).
Meanwhile, the storage node 200 receives the storage node list request from the user node 10-1 and transmits to the user node 10-1 the held storage node list that includes the time point information contained in the request.
The user node 10-1 thus receives at least one storage node list from the storage nodes 200. By verifying whether each received storage node list is authentic, the user node 10-1 selects a list that is neither fraudulent nor tampered with and holds the selected list. It therefore determines "Yes" and, as in step S111 of FIG. 5, determines a node group for the second distributed data group based on the storage node list (step S206 in FIG. 6).
In this example, the user node 10-1 selects N node IDs from those contained in the storage node list on the basis of the storage node list held in step S205 of FIG. 6, the information ranking relationship described above, and the input information accepted in step S201 of FIG. 6, and determines the N storage nodes 200 identified by the selected node IDs as the node group for the second distributed data group.
The user node 10-1 then transmits N second distributed data provision requests, one to each of the N storage nodes 200 in the node group determined for the second distributed data group (step S207 in FIG. 6).
Each second distributed data provision request contains, as the second data ID, the user ID included in the input information accepted in step S201 of FIG. 6.
Each of the N storage nodes 200 in the node group for the second distributed data group receives its second distributed data provision request from the user node 10-1 and determines whether distributed data associated with the second data ID contained in the request is held in its storage device 12.
Each of these N storage nodes 200 transmits the distributed data to the user node 10-1 if it is held in its storage device 12, and transmits dummy data to the user node 10-1 otherwise.
The user node 10-1 then receives the provided data transmitted by the storage nodes 200 in response to the second distributed data provision requests sent in step S207 of FIG. 6 (step S208 in FIG. 6). As described above, the provided data received in response to the second distributed data provision requests constitutes the second provided data group.
Next, the user node 10-1 restores the metadata, which is the secret data, from the distributed data constituting the received second provided data group according to the secret sharing method (step S209 in FIG. 6).
The user node 10-1 then determines whether the restoration of the metadata in step S209 of FIG. 6 succeeded (step S210 in FIG. 6).
If the restoration of the metadata failed, the user node 10-1 determines "No" and obtains the list generation time that is the change time described above earlier than the list generation time indicated by the time point information in the most recent storage node list request sent in step S204 of FIG. 6 (in other words, the list generation time associated with the storage node list on which the failed restoration was based) (step S211 in FIG. 6).
The user node 10-1 then transmits a storage node list request containing time point information for the list generation time obtained in step S211 of FIG. 6 to each of at least one storage node 200 (step S204 in FIG. 6), and executes the processing of steps S205 to S210 of FIG. 6 as described above.
The user node 10-1 repeats the processing of steps S204 to S211 of FIG. 6 until the restoration of the metadata in step S209 of FIG. 6 succeeds.
In this example, the processing of steps S204 to S209 of FIG. 6 may be referred to as the restoration process.
If the restoration of the metadata in step S209 of FIG. 6 succeeds, the user node 10-1 determines "Yes" in step S210 of FIG. 6 and computes the hash value of the input information accepted in step S201 of FIG. 6 under the hash function used to encrypt the metadata. The user node 10-1 then decrypts the restored metadata with the obtained hash value according to the decryption scheme corresponding to the encryption scheme used to encrypt the metadata.
Next, the user node 10-1 transmits S first distributed data provision requests, one to each of the S storage nodes 200 represented by the decrypted metadata (step S212 in FIG. 6). Each first distributed data provision request contains the first data ID included in the decrypted metadata.
Each of the S storage nodes 200 represented by the decrypted metadata receives its first distributed data provision request from the user node 10-1 and determines whether distributed data associated with the first data ID contained in the request is held in its storage device 12.
Each of these S storage nodes 200 transmits the distributed data to the user node 10-1 if it is held in its storage device 12, and transmits dummy data to the user node 10-1 otherwise.
The user node 10-1 then receives the provided data transmitted by the storage nodes 200 in response to the first distributed data provision requests sent in step S212 of FIG. 6 (step S213 in FIG. 6). As described above, the provided data received in response to the first distributed data provision requests constitutes the first provided data group.
Next, the user node 10-1 restores the user data, which is the secret data, from the distributed data constituting the received first provided data group according to the secret sharing method (step S214 in FIG. 6). The user node 10-1 then decrypts the restored user data using the information, represented by the decrypted metadata, that is used to decrypt the encrypted user data.
The user node 10-1 then ends the processing of FIG. 6.
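The storage procedure of FIG. 5 and the restoration procedure of FIG. 6 (including the step back through earlier list generation times in steps S204 to S211), together with the pseudo-random list generation described above, are simulated in the following added Python example, which is not part of the patent or of any implementation of it. It assumes byte-wise Shamir secret sharing over GF(257), a SHA-256 keystream XOR standing in for the unspecified encryption scheme, seeded sampling as the information ranking relationship, integer list generation times, and constructed node IDs, credentials and user data.

```python
import hashlib, json, os, random

P = 257  # Shamir shares are computed byte-wise over GF(257); share values are small ints
S, N, K = 4, 5, 3  # S shares of the user data, N shares of the metadata, threshold K
SELECTION_PERIOD = 2  # list generation times in [now - 2, now] are eligible when storing
CHANGE_TIME = 1  # on a failed restoration, step back one list generation time
NODE_IDS = [f"node-{i:02d}" for i in range(1, 13)]  # constructed storage node IDs

def split_secret(secret, k, n):
    """(k, n) Shamir split applied to each byte: returns [(x, [y per byte]), ...]."""
    shares = {x: [] for x in range(1, n + 1)}
    for b in secret:
        coeffs = [b] + [random.randrange(P) for _ in range(k - 1)]
        for x in shares:
            shares[x].append(sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
    return list(shares.items())

def combine_shares(shares, k):
    """Lagrange interpolation at x = 0 from the first k shares; None if inconsistent."""
    pts, out = shares[:k], bytearray()
    for idx in range(min(len(ys) for _, ys in pts)):
        total = 0
        for i, (xi, ys) in enumerate(pts):
            num = den = 1
            for j, (xj, _) in enumerate(pts):
                if i != j:
                    num, den = num * -xj % P, den * (xi - xj) % P
            total = (total + ys[idx] * num * pow(den, P - 2, P)) % P
        if total > 255:  # not a byte value, so the shares did not come from one secret
            return None
        out.append(total)
    return bytes(out)

def xor_stream(key, data):
    """Keystream XOR standing in for the patent's unspecified cipher (symmetric)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def auth_hash(info):
    """Hash of the input information (user ID and password); keys the metadata."""
    return hashlib.sha256(f"{info['user_id']}:{info['password']}".encode()).digest()

def provide(held, data_id):  # a storage node answering a distributed data provision request
    if data_id in held:
        return held[data_id]
    return (random.randrange(1, P), [random.randrange(P) for _ in range(64)])  # dummy data

class System:
    def __init__(self, times):
        self.nodes = {nid: {} for nid in NODE_IDS}  # node ID -> {data ID: share}
        # list generation: at each time t a pseudo-random ranking of the active nodes
        self.lists = {t: random.Random(t).sample(NODE_IDS, len(NODE_IDS)) for t in times}

    def metadata_group(self, t, info):
        """Information ranking relationship (assumed): sampling seeded by the auth hash."""
        return random.Random(auth_hash(info)).sample(self.lists[t], N)

    def store(self, info, user_data, now):
        t = random.randrange(now - SELECTION_PERIOD, now + 1)  # step S103
        key, data_id = os.urandom(16), os.urandom(8).hex()
        first_nodes = random.sample(self.lists[t], S)  # step S107
        for nid, share in zip(first_nodes, split_secret(xor_stream(key, user_data), K, S)):
            self.nodes[nid][data_id] = share  # step S108
        meta = json.dumps({"nodes": first_nodes, "key": key.hex(), "data_id": data_id}).encode()
        meta += hashlib.sha256(meta).digest()[:8]  # tag so that step S210 can judge success
        meta_shares = split_secret(xor_stream(auth_hash(info), meta), K, N)  # step S110
        for nid, share in zip(self.metadata_group(t, info), meta_shares):
            self.nodes[nid][info["user_id"]] = share  # step S112, second data ID = user ID
        return t

    def restore(self, info, now):
        t = now  # step S203: the list generation time nearest the current time
        while t >= min(self.lists):  # steps S204-S211, stepping back on each failure
            group = self.metadata_group(t, info)  # step S206
            blob = combine_shares([provide(self.nodes[nid], info["user_id"]) for nid in group], K)
            if blob is not None:
                meta = xor_stream(auth_hash(info), blob)
                if hashlib.sha256(meta[:-8]).digest()[:8] == meta[-8:]:
                    break
            t -= CHANGE_TIME
        else:
            return None  # no list generation time yields the metadata
        found = json.loads(meta[:-8])
        cipher = combine_shares([provide(self.nodes[nid], found["data_id"]) for nid in found["nodes"]], K)
        return None if cipher is None else xor_stream(bytes.fromhex(found["key"]), cipher)  # S214

def demo_round_trip():
    """Constructed scenario: lists for times 0..5, store at time 3, restore at time 5."""
    system = System(range(6))
    info = {"user_id": "alice", "password": "correct horse battery"}
    user_data = b"constructed sample user data: quarterly report draft"
    t_store = system.store(info, user_data, now=3)
    restored = system.restore(info, now=5)
    wrong = system.restore({"user_id": "alice", "password": "wrong"}, now=5)
    return t_store, restored == user_data, wrong is None
```

Because the metadata group is derived from the storage node list of a particular list generation time, a restoration started at a later time fails until the walk back in `restore` reaches the time used at storage, which is the behaviour steps S210 and S211 describe; a wrong password changes the node group and the key, so every attempt fails.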
As described above, the information processing system 1 of the first embodiment selects, from among a plurality of different device groups each associated with a different time point, one device group associated with a time point in the period between the current time and the time a predetermined interval earlier. Each of the device groups includes C storage devices 12 selected from the M storage devices 12 (C is an integer not less than N and not more than M; in this example C equals N). The information processing system 1 then stores the N generated pieces of distributed data in N storage devices 12 of the selected device group.
In addition, the information processing system 1 executes a restoration process on one of the plurality of device groups. The restoration process consists of requesting distributed data from each of at least some of the N storage devices 12 in the device group and restoring the secret data from the data provided in response according to the secret sharing method. If the restoration fails, the information processing system 1 executes the restoration process on the device group, among the plurality of device groups, that is associated with a time point earlier than the one associated with the device group on which the failure occurred.
With this arrangement, the selected device group changes as time passes, so the storage devices 12 in which the distributed data is stored change over time. This reduces the probability that a user intending to obtain the secret data illicitly can identify where the distributed data needed to restore it is stored, and so makes illicit acquisition of the secret data harder.
Furthermore, the information processing system 1 does not store the information identifying the secret data (in this example, the second data ID identifying the metadata) in association with information specifying where the distributed data is stored. This likewise reduces the probability that a user intending to obtain the secret data illicitly can identify where the distributed data needed to restore it is stored, and so makes illicit acquisition of the secret data harder.
 加えて、情報処理システム1は、秘密データの復元が失敗した場合、失敗の基となった装置群と関連付けられた時点よりも前の時点と関連付けられた装置群に対して、当該復元のための復元処理を実行する。従って、秘密データの復元が失敗した場合において無作為(ランダム)に選択された装置群に対して当該復元処理を実行する場合よりも、秘密データの復元が成功する確率を高めることができる。この結果、秘密データの復元が要求された場合に、当該秘密データを復元するために用いられる分散データの保存先を特定するための処理の負荷を抑制できる。 In addition, when the restoration of the secret data fails, the information processing system 1 performs the restoration for the device group associated with the time point before the time point associated with the device group that is the basis of the failure. Perform the restoration process. Therefore, when the restoration of the secret data fails, it is possible to increase the probability that the restoration of the secret data is successful as compared with the case where the restoration process is executed on a randomly selected device group. As a result, when the restoration of the secret data is requested, the processing load for specifying the storage destination of the distributed data used for restoring the secret data can be suppressed.
 更に、秘密データが保存されてから、当該秘密データの復元が要求されるまでの時間が短くなるほど、当該秘密データの保存に用いられた装置群の候補の数が少なくなる。従って、当該時間が短くなるほど、情報処理システム1が当該秘密データを復元するために用いられる分散データの保存先を特定するまでに要する時間が短くなりやすい。この結果、ユーザの利便性を向上できる。 Furthermore, as the time from when the secret data is stored until the restoration of the secret data is requested becomes shorter, the number of device group candidates used for storing the secret data decreases. Therefore, the shorter the time is, the shorter the time required for the information processing system 1 to specify the storage destination of the distributed data used for restoring the secret data. As a result, user convenience can be improved.
Furthermore, the information processing system 1 of the first embodiment accepts a storage request in association with input information entered by the user and, when the storage request is accepted, configures the plurality of device groups on the basis of the input information associated with that storage request. In addition, it accepts a restoration request in association with input information entered by the user and, when the restoration request is accepted, configures the plurality of device groups on the basis of the input information associated with that restoration request.
Consequently, when the user enters the same input information in both cases, that is, when storage of the secret data is requested and when its restoration is requested, the information processing system 1 configures the same device groups in both cases. This reduces the probability that secret data stored at the request of one user is restored at the request of a different user.
Furthermore, in the information processing system 1 of the first embodiment, the metadata serving as secret data is data that includes information representing the plurality of storage devices 12 in which the plurality of pieces of shared data, generated in accordance with the secret sharing scheme from the user data (itself secret data), are respectively stored.
Consequently, the information identifying where the pieces of shared data generated from the user data are stored is itself distributed across a plurality of storage devices 12. This reduces the probability that those storage locations are identified, and therefore reduces the risk of the user data being obtained illegitimately.
Note that the metadata may have a fixed size (for example, 1 megabyte or 10 megabytes). In that case, the dummy data transmitted in response to a second shared data provision request should preferably have the same size as the metadata. The user node 100 is then unable to tell, from the size of the provided data it receives in response to a second shared data provision request, whether that data is shared data or dummy data.
The user data may also contain a plurality of data blocks; for example, each data block is a file. In that case, the metadata may include information for identifying each data block (for example, the name of the data block, the date and time at which it was created, or the date and time at which it was last updated). Furthermore, in that case, once the metadata has been decoded, the user node 100 may output, via the output device 15, a list of the data blocks contained in the user data, based on the information contained in the metadata. In addition, the user node 100 may accept information, entered by its user via the input device 14, identifying the data block selected by that user, and may then request from the storage nodes 200 the shared data for the data block identified by that information.
Note that the information processing system 1 may use the user authentication information as the user data restoration request. In that case, the processing of step S202 in FIG. 6 may be omitted.
<First Modification of First Embodiment>
Next, the information processing system of the first modification of the first embodiment will be described. It differs from the information processing system of the first embodiment in that the device groups on which the restoration process is executed are restricted. The description below focuses on the differences. In the description of the first modification, elements bearing the same reference numerals as those used in the first embodiment are identical or substantially the same.
In this example, the user data restoration request includes period information representing a period. The period information includes the time point at which the period starts and the time point at which it ends. Alternatively, the period information may include one of those two time points together with the length of the period.
For example, the user of the user node 100 enters a user data restoration request containing period information that represents a period including the time point at which the user data storage request was entered.
When a user data restoration request is accepted, the storage node list acquisition unit 103 selects, from among the list generation time points predetermined in the information processing system 1, the most recent one that falls within the period represented by the period information included in that request.
If the period information contains no time point information representing the start of the period, the storage node list acquisition unit 103 may use, as the start of the period, the oldest of the list generation time points associated with the storage node lists held by the storage nodes 200. Likewise, if the period information contains no time point information representing the end of the period, it may use, as the end of the period, the most recent of those list generation time points.
The storage node list acquisition unit 103 transmits a storage node list request containing time point information representing the selected list generation time point to the storage node 200 that holds the storage node lists, and receives (in other words, acquires) the storage node list that the storage node 200 transmits in response to that request.
Furthermore, in this example, when the secret data restoration unit 109 fails to restore the secret data from the second provided data group, the storage node list acquisition unit 103 obtains the list generation time point that precedes, by the change interval described above, the list generation time point associated with the storage node list on which the failed attempt was based (in other words, the time point at which that storage node list was generated).
The storage node list acquisition unit 103 then determines whether the obtained list generation time point falls within the period represented by the period information included in the user data restoration request from which the second provided data group originated.
If the obtained list generation time point falls within that period, the storage node list acquisition unit 103 transmits a storage node list request containing time point information representing it to the storage node 200 that holds the storage node lists, and receives (in other words, acquires) the storage node list transmitted in response to that request.
If the obtained list generation time point does not fall within that period, the storage node list acquisition unit 103 terminates the storage node list acquisition process, and the user node 100 accordingly terminates the user data acquisition process. In that case, the user node 100 may output, via the output device 15, information indicating that the process has terminated; that information may indicate that acquisition of the storage node list failed, and may also indicate that acquisition of the user data failed.
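The storage and walk-back restoration described above (the restoration process of the first embodiment together with the period restriction of this first modification), as an added example in Python that is not part of the patent. It assumes Shamir's K-of-N scheme over a prime field as the secret sharing method, list generation time points at multiples of a fixed change interval, a constructed table of device groups per time point standing in for the storage node list and the node group determination, in-memory dicts as storage nodes, and a 32-bit integrity tag folded into the secret so that a reconstruction from the wrong device group is recognised as a failure. None of these details are fixed by the text.

```python
"""Added example (not the patent's code): time-indexed device groups with
walk-back restoration. Assumptions: Shamir K-of-N over GF(P); list generation
time points are the multiples of CHANGE_INTERVAL; GROUPS is constructed
sample data; storage nodes are dicts; a 32-bit tag marks a valid secret."""
import hashlib
import secrets

P = (1 << 61) - 1        # Mersenne prime used as the field modulus (assumption)
K, N = 2, 3              # threshold and number of shares (assumption)
CHANGE_INTERVAL = 10     # spacing of the list generation time points

# Constructed sample: the N storage nodes forming the device group at each
# list generation time point.
GROUPS = {
    0: ["n1", "n2", "n3"],
    10: ["n2", "n4", "n5"],
    20: ["n1", "n5", "n6"],
    30: ["n3", "n4", "n6"],
}

def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_secret(secret, k, n):
    """Shamir split: n shares (x, y); any k of them restore the secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(P). Always returns some field
    element, even for shares that do not belong together."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def _tag(payload):
    return int.from_bytes(hashlib.sha256(payload.to_bytes(8, "big")).digest()[:4], "big")

def tagged(payload):
    """Pack a payload (< 2**28) with a 32-bit tag so the result stays below P."""
    assert 0 <= payload < (1 << 28)
    return (payload << 32) | _tag(payload)

def untagged(value):
    """Return the payload if the tag verifies, else None (restoration failed)."""
    payload, tag = value >> 32, value & 0xFFFFFFFF
    return payload if _tag(payload) == tag else None

def fresh_nodes():
    return {nid: {} for group in GROUPS.values() for nid in group}

def store(nodes, payload, data_id, t):
    """Place one share of the tagged payload on each node of the group at t."""
    for node_id, share in zip(GROUPS[t], split_secret(tagged(payload), K, N)):
        nodes[node_id][data_id] = share

def provide(nodes, node_id, data_id):
    """A node answers every request with a share-sized value, so the requester
    cannot tell a hit from a miss by the reply alone (cf. the dummy data)."""
    share = nodes[node_id].get(data_id)
    if share is None:
        return (secrets.randbelow(N) + 1, secrets.randbelow(P))
    return share

def restore(nodes, data_id, start, end):
    """Start at the newest list generation time point inside [start, end] and
    walk back one CHANGE_INTERVAL per failed attempt. Returns (payload, t),
    or None once the period is exhausted."""
    t = end - end % CHANGE_INTERVAL
    while t >= start:
        group = GROUPS.get(t)
        if group is not None:
            shares = [provide(nodes, nid, data_id) for nid in group[:K]]
            payload = untagged(recover_secret(shares))
            if payload is not None:
                return payload, t
        t -= CHANGE_INTERVAL
    return None

if __name__ == "__main__":
    nodes = fresh_nodes()
    store(nodes, 123456, "meta-of-alice", 10)
    print(restore(nodes, "meta-of-alice", 0, 35))   # walks 30 -> 20 -> 10
    print(restore(nodes, "meta-of-alice", 20, 35))  # 10 lies outside the period
```

restore() begins at the newest list generation time point inside the period and steps back one change interval per failed attempt, returning None when the period is exhausted, which is the termination case described above. The tag is the part a practitioner should not skip: Shamir reconstruction always yields some field element, so without an integrity check a wrong device group or a dummy reply cannot be distinguished from a correct restoration.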
As described above, the information processing system 1 of the first modification of the first embodiment achieves the same operations and effects as the information processing system 1 of the first embodiment.
Furthermore, the information processing system 1 of the first modification accepts period information that is entered by the user and represents a period, and restricts the device groups on which the restoration process is executed to those, among the plurality of device groups, associated with a time point included in that period.
This raises the probability that restoration of the secret data succeeds, which in turn limits the processing load of locating the shared data used to restore it. It also limits the processing needed to conclude that restoration has failed when the user has entered incorrect user authentication information.
<Second Modification of First Embodiment>
Next, the information processing system of the second modification of the first embodiment will be described. It differs from the information processing system of the first embodiment in the method by which the node group for the second shared data group is determined. The description below focuses on the differences. In the description of the second modification, elements bearing the same reference numerals as those used in the first embodiment are identical or substantially the same.
In this example, the node group determination unit 104 determines the node group for the second shared data group as follows.
The node group determination unit 104 selects, from among a plurality of different information rank relationships each associated with a different list generation time point, the information rank relationship associated with the list generation time point of the acquired storage node list.
Each information rank relationship is a predetermined relationship between input information and N different ranks.
In this example, in each information rank relationship, the n-th of the N ranks, for each integer n from 1 to N, is defined as follows: information representing n and time point information representing the list generation time point associated with that information rank relationship are appended to the input information; the resulting information is hashed with a predetermined integer-valued hash function; the hash value is divided by the number of storage nodes 200 contained in the storage node list; and the n-th rank equals the remainder of that division plus 1.
The node group determination unit 104 selects N node IDs from among the node IDs contained in the acquired storage node list on the basis of that storage node list, the selected information rank relationship, and the input information associated with the user data storage request or the user data restoration request.
It then determines the node group consisting of the N storage nodes 200 identified by the N selected node IDs as the node group for the second shared data group. This completes the determination of the node group for the second shared data group.
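The rank computation and node group selection just described, as an added Python example that is not the patent's code. It assumes SHA-256 as the integer-valued hash function, a zero byte between the concatenated fields so that n and the time point cannot run together, and resolves a repeated rank by stepping to the next unused rank, since the text requires N different ranks but does not say how a collision of the modulo values is handled. The storage node list is a constructed sample.

```python
"""Added example (not the patent's code): the information rank relationship
of the second modification. Rank n (n = 1..N) is (H(input || n || t) mod M) + 1,
with M the number of node IDs in the storage node list generated at time
point t. Assumptions: H is SHA-256 read as a big-endian integer; fields are
joined with a zero byte; a repeated rank steps to the next unused rank."""
import hashlib

def rank(input_info: bytes, n: int, t: int, m: int) -> int:
    """The n-th rank of the relationship associated with time point t."""
    msg = b"\x00".join([input_info, str(n).encode(), str(t).encode()])
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % m + 1

def determine_node_group(storage_node_list, input_info, t, n_nodes):
    """Pick n_nodes node IDs from the list (position 1 holds rank 1)."""
    m = len(storage_node_list)
    if n_nodes > m:
        raise ValueError("storage node list shorter than N")
    used, group = set(), []
    for n in range(1, n_nodes + 1):
        r = rank(input_info, n, t, m)
        while r in used:              # collision handling (assumption)
            r = r % m + 1
        used.add(r)
        group.append(storage_node_list[r - 1])
    return group

# Constructed sample storage node list, ordered as a list generation unit
# might produce it by sorting node IDs in ascending order.
STORAGE_NODE_LIST = [f"node-{i:02d}" for i in range(1, 9)]

def groups_over_time(input_info, start, stop, interval, n_nodes=3):
    """The device groups one input maps to across list generation time points."""
    return {t: determine_node_group(STORAGE_NODE_LIST, input_info, t, n_nodes)
            for t in range(start, stop, interval)}

if __name__ == "__main__":
    for t, group in groups_over_time(b"alice\x00hunter2", 0, 50, 10).items():
        print(t, group)
```

With the same input information and the same list generation time point the function returns the same group, which is what lets the restoration side find the nodes chosen at storage time; changing the time point changes the relationship and, in general, the group, even when the storage node list itself has not changed.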
As described above, the information processing system 1 of the second modification of the first embodiment achieves the same operations and effects as the information processing system 1 of the first embodiment.
Furthermore, in the information processing system 1 of the second modification, the plurality of device groups are configured on the basis of a plurality of different pieces of device ranking information (in this example, storage node lists) each associated with one of a plurality of list generation time points, and a plurality of different information rank relationships each associated with one of those list generation time points.
This makes the device group selected change over time even more reliably. As a result, the probability that a user who intends to obtain the secret data illegitimately can identify where the shared data used to restore it is stored is reduced, and the risk of the secret data being obtained illegitimately is reduced accordingly.
Note that the storage node list generation unit 206 may generate a storage node list candidate as follows.
The storage node list generation unit 206 assigns a rank to each of the storage nodes 200 identified by the node IDs contained in the operation notifications held in the operation notification storage unit 205, such that the node IDs are ordered according to a predetermined algorithm (for example, in ascending or descending order). It then generates, as the storage node list candidate, information in which those node IDs are arranged from first to last in descending order of assigned rank.
In that case, as long as the operation notifications held in the operation notification storage unit 205 do not change, the generated storage node list candidate does not change either, so the storage node list candidates generated at different list generation time points may coincide. In the information processing system 1 of the second modification, however, the information rank relationship used to determine the node group for the second shared data group changes with the passage of time, so the device group selected still changes over time.
In that case, the information contained in the storage node lists changes little from one list to the next. It is therefore preferable for the information processing system 1 to transmit the plurality of storage node lists as one of those lists together with information representing the difference between that list and each of the others. This limits the communication load of transmitting the storage node lists.
<Third Modification of First Embodiment>
Next, the information processing system of the third modification of the first embodiment will be described. It differs from the information processing system of the first embodiment in that identification information other than the user ID is used as the second data ID. The description below focuses on the differences. In the description of the third modification, elements bearing the same reference numerals as those used in the first embodiment are identical or substantially the same.
In this example, the second data ID contained in the second shared data storage request transmitted by the shared data storage request transmission unit 106 is a one-time identifier (in other words, a one-time ID), and the one-time ID constitutes the identification information. The shared data storage request transmission unit 106 generates the one-time ID on the basis of the user ID and password contained in the input information associated with the user data storage request from which the second shared data storage request originated, and the list generation time point associated with the storage node list used to determine the node group for the second shared data group.
Specifically, the shared data storage request transmission unit 106 uses as the one-time ID the value of a predetermined hash function applied to the input information with time point information representing that list generation time point appended. The hash function is, for example, one of the hash functions known as MD5, SHA-0, SHA-1, SHA-2, or SHA-3.
Similarly, the second data ID contained in the second shared data provision request transmitted by the provided data acquisition unit 108 is also a one-time ID. Like the shared data storage request transmission unit 106, the provided data acquisition unit 108 generates the one-time ID on the basis of the user ID and password contained in the input information associated with the user data restoration request from which the second shared data provision request originated, and the list generation time point associated with the storage node list used to determine the node group for the second shared data group.
Specifically, like the shared data storage request transmission unit 106, the provided data acquisition unit 108 uses as the one-time ID the value of the above hash function applied to the input information with time point information representing that list generation time point appended.
As described above, the information processing system 1 of the third modification of the first embodiment achieves the same operations and effects as the information processing system 1 of the first embodiment.
Furthermore, the information processing system 1 of the third modification generates identification information (in this example, a one-time ID) on the basis of the time point associated with the selected device group, and stores each of the N pieces of shared data in association with the generated identification information.
Compared with, for example, storing the secret data in association with information identifying the user, this reduces the probability that the user who requested storage of the secret data is identified. Accordingly, when the secret data is encrypted on the basis of information identifying the user, for example, the probability that the secret data is decrypted is reduced.
Note that the one-time ID may instead be the remainder obtained when the value of the above hash function, applied to the input information with time point information representing the list generation time point appended, is divided by a first parameter. The first parameter is a positive integer, and in this example it is predetermined in the information processing system 1. This reduces the probability that the information from which the one-time ID was generated is identified.
The first parameter may also vary. In that case, it may be defined so as to increase with the number of node IDs contained in the storage node list; for example, a first parameter function defining the relationship between the number of node IDs in the storage node list and the first parameter is predetermined in the information processing system 1.
<Fourth Modification of First Embodiment>
Next, the information processing system of the fourth modification of the first embodiment will be described. It differs from the information processing system of the first embodiment in that identification information other than the user ID is used as the second data ID. The description below focuses on the differences. In the description of the fourth modification, elements bearing the same reference numerals as those used in the first embodiment are identical or substantially the same.
In this example, the second data ID contained in the second shared data storage request transmitted by the shared data storage request transmission unit 106 is a one-time identifier (in other words, a one-time ID), and the one-time ID constitutes the identification information. The shared data storage request transmission unit 106 generates, for the N storage nodes 200 included in the node group for the second shared data group, a different one-time ID for each storage node 200.
In this example, the one-time ID for the n-th of the N storage nodes 200 included in the node group for the second shared data group is the value of a predetermined hash function applied to the user ID contained in the input information associated with the user data storage request from which the second shared data storage request originated, with the node ID identifying the r-th of those N storage nodes 200 appended, where r = n + 1 for each integer n from 1 to N-1 and r = 1 for n = N. The hash function is, for example, one of the hash functions known as MD5, SHA-0, SHA-1, SHA-2, or SHA-3.
Similarly, the second data ID contained in the second shared data provision request transmitted by the provided data acquisition unit 108 is also a one-time ID. Like the shared data storage request transmission unit 106, the provided data acquisition unit 108 generates a different one-time ID for each of the N storage nodes 200 included in the node group for the second shared data group.
Specifically, like the shared data storage request transmission unit 106, the provided data acquisition unit 108 uses, as the one-time ID for the n-th of the N storage nodes 200, the value of the above hash function applied to the user ID contained in the input information associated with the user data restoration request from which the second shared data provision request originated, with the node ID identifying the r-th of those N storage nodes 200 appended.
As described above, the information processing system 1 of the fourth modification of the first embodiment can produce the same operations and effects as the information processing system 1 of the first embodiment.
Furthermore, the information processing system 1 of the fourth modification of the first embodiment generates identification information (in this example, a one-time ID) based on the time point associated with the selected device group, and stores each of the N pieces of distributed data in association with the generated identification information.
Compared with, for example, storing the secret data in association with information that identifies the user, this reduces the probability that the user who requested storage of the secret data is identified. Consequently, when the secret data is encrypted based on information that identifies the user, for example, the probability that the secret data is decrypted is reduced.
Furthermore, the information processing system 1 of the fourth modification of the first embodiment generates, for the N storage devices 12 in the selected device group, different identification information for each storage device 12.
This reduces the probability that the distributed data used to restore the secret data is identified from the identification information.
The one-time ID for the n-th of the N storage nodes 200 may instead be the remainder obtained when the hash value, under the above hash function, of the node ID identifying the r-th of the N storage nodes 200 appended to the user ID contained in the input information is divided by a first parameter. The first parameter is a positive integer. In this example, the first parameter is predetermined in the information processing system 1. This reduces the probability that the information from which the one-time ID was generated is identified.
The first parameter may also vary. In that case, the first parameter may be defined so that it increases as the number of node IDs in the storage node list increases. For example, a first parameter function that defines the relationship between the number of node IDs in the storage node list and the first parameter is predetermined in the information processing system 1.
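The per-node one-time ID generation described above, as an added Python example that is not part of the patent: the ID for the n-th node hashes the user ID together with the node ID of the next node in the group (wrapping from the N-th back to the first), and the variant reduces the hash value modulo the first parameter. SHA-256 (SHA-2 family) is used here; MD5, SHA-0 and SHA-1 from the list above are no longer collision resistant and should not be chosen for a new system. The user ID, the node IDs and the linear first-parameter function are constructed assumptions. Reducing modulo a small first parameter also makes collisions between different users' IDs on the same node correspondingly more likely, which the storage node has to tolerate.

```python
import hashlib

# Constructed sample inputs (assumptions, not from the patent): one user ID and
# the node IDs of an N = 4 node group in the order the text calls "1st .. N-th".
USER_ID = "alice"
NODE_IDS = ["node-07", "node-19", "node-23", "node-42"]


def one_time_ids(user_id, node_ids, hash_name="sha256", first_parameter=None):
    """Return the one-time ID for each of the N storage nodes in node_ids.

    The ID for the n-th node is H(user_id || node_id of the r-th node), where
    r = n + 1 for n < N and r = 1 for n = N, i.e. the node IDs are rotated by one.
    When first_parameter is given, the ID is the hash value reduced modulo that
    positive integer, as in the variant described in the text.
    """
    n_nodes = len(node_ids)
    ids = []
    for n in range(n_nodes):
        r = (n + 1) % n_nodes            # 0-based: the next node, wrapping to the first
        material = (user_id + node_ids[r]).encode("utf-8")
        digest = hashlib.new(hash_name, material).digest()
        if first_parameter is None:
            ids.append(digest.hex())
        else:
            if first_parameter <= 0:
                raise ValueError("first parameter must be a positive integer")
            ids.append(str(int.from_bytes(digest, "big") % first_parameter))
    return ids


def first_parameter_for(list_size, base=1 << 20):
    """Constructed stand-in for the 'first parameter function': grows with the
    number of node IDs in the storage node list (linear growth is an assumption)."""
    return base * max(1, list_size)


if __name__ == "__main__":
    for node, oid in zip(NODE_IDS, one_time_ids(USER_ID, NODE_IDS)):
        print(node, oid)
    print(one_time_ids(USER_ID, NODE_IDS, first_parameter=first_parameter_for(10)))
```

Both the storing side (unit 106) and the restoring side (unit 108) call the same function with the same user ID and node group, which is what lets the restore request name the share without the node ever learning the user ID.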
<Second Embodiment>
Next, the information processing system of the second embodiment is described. The information processing system of the second embodiment differs from that of the first embodiment in that the time required to restore the secret data varies with the strength of the password used for user authentication. The description below focuses on the differences. In the description of the second embodiment, elements given the same reference signs as in the first embodiment are the same or substantially the same.
In this example, when a user data storage request has been accepted, the node group determination unit 104 determines the node group for the second distributed data group as follows.
When a user data storage request has been accepted, the node group determination unit 104 determines a candidate count C based on the password contained in the input information associated with that user data storage request. The candidate count C is set, within the range greater than N and at most M, to a larger number the more easily the password can be guessed (in other words, the weaker the password).
In this example, the candidate count C is determined as follows. Based on the password, the node group determination unit 104 computes a parameter whose value is smaller the more easily the password can be guessed.
For example, the node group determination unit 104 adds a predetermined increment to the parameter when the number of characters in the password is at least a predetermined threshold. It likewise adds a predetermined increment when the password contains a digit; when the password contains a lowercase letter; when the password contains an uppercase letter; when the password contains a symbol (for example, a character that is neither a digit nor a letter); when the password does not contain a character string contained in the user ID; and when the password does not contain a character string contained in a dictionary.
The node group determination unit 104 determines the candidate count C, within the range greater than N and at most M, so that C is larger the smaller the computed parameter. The candidate count C is thereby determined.
Based on the storage node list acquired by the storage node list acquisition unit 103 when the user data storage request was accepted, a predetermined information-rank relationship between the input information and C distinct ranks for the determined candidate count C, and the input information associated with that user data storage request, the node group determination unit 104 selects (in other words, determines) C node IDs from among the node IDs contained in the storage node list. The C storage nodes 200 identified by the C selected node IDs constitute a candidate node group.
Specifically, the node group determination unit 104 obtains C distinct ranks based on the input information associated with the user data storage request and the information-rank relationship, and selects from the node IDs in the storage node list the C node IDs corresponding to the C obtained ranks.
In this example, the information-rank relationship defines the c-th of the C ranks as 1 plus the remainder obtained when the hash value, under a predetermined hash function whose output is an integer, of information representing c appended to the input information is divided by the number of storage nodes 200 in the storage node list. c is each integer from 1 to C.
The node group determination unit 104 then randomly selects N node IDs from the C selected node IDs, and determines the node group consisting of the N storage nodes 200 identified by the N randomly selected node IDs as the node group for the second distributed data group. The node group for the second distributed data group is thereby determined.
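The candidate-count and candidate-node selection above (password parameter, C in the range N < C <= M, rank c = H(input || c) mod list size + 1, random choice of N of the C candidates), as an added Python example that is not part of the patent. The dictionary, the storage node list, the length threshold of 8 characters, the linear mapping of the parameter onto C, the use of the user ID itself for the "string contained in the user ID" check, and the handling of a repeated rank (the text says the C ranks are distinct but not how a repeat is resolved; here c keeps incrementing until C distinct ranks have been found) are all assumptions.

```python
import hashlib
import secrets

# Constructed sample data (assumptions, not from the patent).
DICTIONARY = {"password", "letmein", "qwerty", "welcome"}
STORAGE_NODE_LIST = [f"node-{i:02d}" for i in range(1, 21)]   # 20 node IDs


def strength_parameter(password, user_id, dictionary=DICTIONARY,
                       min_length=8, increment=1):
    """The parameter of the text: larger for passwords that are harder to guess.
    Each satisfied condition adds `increment`."""
    lowered = password.lower()
    checks = [
        len(password) >= min_length,
        any(ch.isdigit() for ch in password),
        any(ch.islower() for ch in password),
        any(ch.isupper() for ch in password),
        any(not ch.isalnum() for ch in password),    # symbol: neither digit nor letter
        user_id.lower() not in lowered,               # assumption: whole user ID
        not any(word in lowered for word in dictionary),
    ]
    return increment * sum(checks)


def candidate_count(parameter, n_shares, m_max, max_parameter=7):
    """Map the parameter onto C with N < C <= M: the smaller the parameter, the
    larger C. Linear interpolation is an assumption; the text fixes only the
    direction and the range."""
    if not n_shares < m_max:
        raise ValueError("need N < M")
    p = min(max(parameter, 0), max_parameter)
    span = m_max - n_shares                # C ranges over n_shares + 1 .. m_max
    return m_max - round((span - 1) * p / max_parameter)


def candidate_node_ids(input_info, c_count, node_list):
    """Rank c = H(input_info || c) mod len(node_list) + 1 selects the node ID at
    that 1-based position. c runs from 1 upwards until C distinct ranks exist."""
    if c_count > len(node_list):
        raise ValueError("cannot choose more candidates than nodes in the list")
    ranks, c = [], 1
    while len(ranks) < c_count:
        digest = hashlib.sha256((input_info + str(c)).encode("utf-8")).digest()
        rank = int.from_bytes(digest, "big") % len(node_list) + 1
        if rank not in ranks:
            ranks.append(rank)
        c += 1
    return [node_list[rank - 1] for rank in ranks]


def choose_storage_nodes(candidates, n_shares):
    """Storing side: pick N of the C candidates uniformly at random (CSPRNG)."""
    pool = list(candidates)
    return [pool.pop(secrets.randbelow(len(pool))) for _ in range(n_shares)]


if __name__ == "__main__":
    user, pw, N, M = "alice", "Tr0ub4dor&3xyz", 3, 10
    C = candidate_count(strength_parameter(pw, user), N, M)
    cands = candidate_node_ids(user + pw, C, STORAGE_NODE_LIST)
    print(C, cands, choose_storage_nodes(cands, N))
```

The candidate set is a pure function of the input information and the list, so the restoring side recomputes the same C nodes; only the N actually holding shares are unknown to it, which is what the combinatorial restore of the next section searches over.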
When a user data restoration request has been accepted, the node group determination unit 104 likewise determines the candidate count C based on the password contained in the input information associated with that user data restoration request, in the same way as when a user data storage request has been accepted. The relationship between the password and the candidate count C determined by the node group determination unit 104 is the same whether a user data storage request or a user data restoration request was accepted.
As when a user data storage request has been accepted, the node group determination unit 104 selects (in other words, determines) C node IDs for the determined candidate count C from among the node IDs in the storage node list acquired by the storage node list acquisition unit 103 when the user data restoration request was accepted, based on that storage node list, the information-rank relationship above, and the input information associated with the user data restoration request. The C storage nodes 200 identified by the C selected node IDs constitute a candidate node group.
In this example, the provided data acquisition unit 108 sends C second distributed data provision requests, one to each of the C storage nodes 200 in the candidate node group determined by the node group determination unit 104 when the user data restoration request was accepted. The provided data acquisition unit 108 may instead send a second distributed data provision request to each of only some of the C storage nodes 200 in that candidate node group. In that case, if restoration of the secret data fails, the provided data acquisition unit 108 may send second distributed data provision requests to the remaining storage nodes 200 in the candidate node group.
The provided data acquisition unit 108 receives the provided data sent (in other words, provided) by the storage nodes 200 in response to the sent second distributed data provision requests. The provided data received in response to the second distributed data provision requests constitute a second provided data group. The provided data acquisition unit 108 thereby acquires the second provided data group. A storage node 200 may not send provided data in response to a second distributed data provision request, so the number of pieces of provided data in the second provided data group may be smaller than C. A storage node 200 may also send predetermined dummy data in response to a second distributed data provision request, so the second provided data group may contain data that differs from the distributed data constituting the second distributed data group.
The secret data restoration unit 109 generates all combinations of N storage nodes 200 chosen from the C storage nodes 200 in the candidate node group determined by the node group determination unit 104. Each combination of N storage nodes 200 constitutes a node group candidate. In other words, each node group candidate consists of N storage nodes 200.
For each generated node group candidate, the secret data restoration unit 109 restores the secret data, according to the secret sharing scheme, from the distributed data among the provided data constituting the second provided data group acquired by the provided data acquisition unit 108 that were provided by the N storage nodes 200 in that node group candidate.
Next, the operation of the information processing system 1 of the second embodiment is described.
Instead of the process of FIG. 5, the user node 10-1 executes a process in which step S111 of the process of FIG. 5 is replaced by steps S121 to S123 of FIG. 7.
Specifically, after executing step S110 of FIG. 5, the user node 10-1 determines the candidate count C based on the password contained in the input information accepted in step S101 of FIG. 5 (step S121 of FIG. 7).
Next, based on the storage node list held in step S105 of FIG. 5 and the candidate count C determined in step S121 of FIG. 7, the user node 10-1 determines the candidate node group for the second distributed data group generated in step S110 of FIG. 5 (step S122 of FIG. 7).
In this example, the user node 10-1 determines the candidate node group by selecting, from the node IDs in the storage node list held in step S105 of FIG. 5, C node IDs for the candidate count C determined in step S121 of FIG. 7, based on that storage node list, the information-rank relationship above, and the input information accepted in step S101 of FIG. 5.
Next, the user node 10-1 randomly selects N storage nodes 200 from the C storage nodes 200 constituting the determined candidate node group, and determines the node group consisting of the N selected storage nodes 200 as the node group for the second distributed data group (step S123 of FIG. 7). The user node 10-1 then executes the processing from step S112 of FIG. 5 onward.
Instead of the process of FIG. 6, the user node 10-1 also executes a process in which steps S204 to S211 of the process of FIG. 6 are replaced by steps S221 to S232 of FIG. 8.
Specifically, after executing step S203 of FIG. 6, the user node 10-1 determines the candidate count C based on the password contained in the input information accepted in step S201 of FIG. 6 (step S221 of FIG. 8). Next, the user node 10-1 executes steps S222 and S223 of FIG. 8 in the same way as steps S204 and S205 of FIG. 6.
Then, as in step S122 of FIG. 7, the user node 10-1 determines the candidate node group for the second distributed data group based on the storage node list held in step S223 of FIG. 8 and the candidate count C determined in step S221 of FIG. 8 (step S224 of FIG. 8).
In this example, the user node 10-1 determines the candidate node group by selecting, from the node IDs in the storage node list held in step S223 of FIG. 8, C node IDs for the candidate count C determined in step S221 of FIG. 8, based on that storage node list, the information-rank relationship above, and the input information accepted in step S201 of FIG. 6.
Next, the user node 10-1 sends C second distributed data provision requests, one to each of the C storage nodes 200 in the determined candidate node group (step S225 of FIG. 8).
Each of the C storage nodes 200 in the candidate node group receives the second distributed data provision request from the user node 10-1 and determines whether distributed data associated with the second data ID contained in the received second distributed data provision request is held in its storage device 12.
If that distributed data is held in its storage device 12, each of the C storage nodes 200 in the candidate node group sends the distributed data to the user node 10-1; if it is not held in its storage device 12, it sends dummy data to the user node 10-1.
The user node 10-1 then receives the provided data sent by the storage nodes 200 in response to the second distributed data provision requests sent in step S225 of FIG. 8 (step S226 of FIG. 8). As described above, the provided data received in response to the second distributed data provision requests constitute the second provided data group.
Next, the user node 10-1 generates all combinations of N storage nodes 200 chosen from the C storage nodes 200 in the candidate node group determined in step S224 of FIG. 8 (step S227 of FIG. 8). As described above, each of these combinations constitutes a node group candidate.
The user node 10-1 then executes a loop process for each of the generated node group candidates in turn. The start and end of the loop process are steps S228 and S231 of FIG. 8, respectively. The user node 10-1 may execute multiple loop processes in parallel.
In the loop process, the user node 10-1 restores the metadata, which is the secret data, according to the secret sharing scheme from the distributed data among the provided data constituting the second provided data group received in step S226 of FIG. 8 that were provided by the N storage nodes 200 in the node group candidate that is the subject of the loop process (step S229 of FIG. 8).
Next, in the loop process, the user node 10-1 determines whether restoration of the metadata in step S229 of FIG. 8 succeeded (step S230 of FIG. 8).
If restoration of the metadata succeeded, the user node 10-1 determines "Yes", ends the loop processes for all of the generated node group candidates, and executes the processing from step S212 of FIG. 6 onward.
If restoration of the metadata failed, the user node 10-1 determines "No" and proceeds to step S231 of FIG. 8.
In this way, the user node 10-1 executes the loop process for each of the generated node group candidates.
If restoration of the metadata has not succeeded by the time the loop processes for all of the generated node group candidates have finished, the user node 10-1 obtains the list generation time point that precedes, by the change time described above, the list generation time point represented by the time point information contained in the most recent storage node list request sent in step S222 of FIG. 8 (in other words, the list generation time point associated with the storage node list on which the failed metadata restoration was based) (step S232 of FIG. 8).
The user node 10-1 then sends a storage node list request containing time point information representing the list generation time point obtained in step S232 of FIG. 8 to each of at least one storage node 200 (step S222 of FIG. 8). Next, the user node 10-1 executes steps S223 to S231 of FIG. 8 as described above.
The user node 10-1 repeats steps S222 to S232 of FIG. 8 until restoration of the metadata succeeds in step S229 of FIG. 8.
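The combinatorial restoration described for the secret data restoration unit 109 and in steps S225 to S231 of FIG. 8, as an added Python example that is not part of the patent: N shares are placed on N of the C candidate nodes, every candidate answers with either its share or dummy data, and every N-subset of the C answers is tried until one restores. The secret sharing scheme (an N-of-N XOR sharing) and the SHA-256 tag used to judge whether a restore succeeded are assumptions; the text names neither. The attempt count is the C-choose-N cost that the text ties to password weakness, and it is paid by the legitimate user as well as by an attacker.

```python
import hashlib
import secrets
from itertools import combinations
from math import comb

TAG_LEN = 8   # bytes of SHA-256 prefix stored with the secret (assumption)


def split_secret(secret, n_shares):
    """N-of-N additive (XOR) secret sharing over bytes: every share is needed.
    A short hash tag is prepended so that a restore from a wrong share set
    can be recognised as a failure."""
    if n_shares < 1:
        raise ValueError("need at least one share")
    tagged = hashlib.sha256(secret).digest()[:TAG_LEN] + secret
    shares = [secrets.token_bytes(len(tagged)) for _ in range(n_shares - 1)]
    last = bytearray(tagged)
    for share in shares:
        for i, b in enumerate(share):
            last[i] ^= b
    shares.append(bytes(last))
    return shares


def restore_secret(shares):
    """Inverse of split_secret; returns the secret, or None if the tag mismatches."""
    if not shares or len({len(s) for s in shares}) != 1:
        return None
    acc = bytearray(len(shares[0]))
    for share in shares:
        for i, b in enumerate(share):
            acc[i] ^= b
    tag, secret = bytes(acc[:TAG_LEN]), bytes(acc[TAG_LEN:])
    return secret if hashlib.sha256(secret).digest()[:TAG_LEN] == tag else None


def attempts_upper_bound(c_count, n_shares):
    """Number of node group candidates: C choose N (step S227)."""
    return comb(c_count, n_shares)


def restore_from_candidates(provided, n_shares):
    """provided: {node_id: bytes} answers from the C candidates, dummy data
    included. Tries every N-subset (steps S228 to S231) and returns
    (secret or None, number of attempts made)."""
    attempts = 0
    for group in combinations(sorted(provided), n_shares):
        attempts += 1
        secret = restore_secret([provided[node] for node in group])
        if secret is not None:
            return secret, attempts
    return None, attempts


def simulate(secret, c_count, n_shares):
    """Store N shares on N random nodes out of C candidates (constructed node
    IDs), let every candidate answer with its share or with dummy data, then
    run the combinatorial restore."""
    if n_shares > c_count:
        raise ValueError("need N <= C")
    candidates = [f"node-{i:02d}" for i in range(c_count)]
    holders = sorted(candidates, key=lambda _: secrets.randbits(32))[:n_shares]
    shares = split_secret(secret, n_shares)
    provided = {}
    for node in candidates:
        if node in holders:
            provided[node] = shares[holders.index(node)]
        else:
            provided[node] = secrets.token_bytes(len(shares[0]))   # dummy data
    return restore_from_candidates(provided, n_shares)


if __name__ == "__main__":
    meta = b"metadata: key=deadbeef, chunks=3"     # constructed secret data
    for C, N in ((5, 3), (10, 5), (20, 5)):
        out, tries = simulate(meta, C, N)
        print(C, N, out == meta, tries, "of", attempts_upper_bound(C, N))
```

With N fixed, the worst-case attempt count grows quickly in C (C = 10, N = 5 gives 252 candidates; C = 20, N = 5 gives 15504), which is the lever the second embodiment uses: a weaker password means a larger C and a longer search before the metadata is recovered.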
As described above, the information processing system 1 of the second embodiment can produce the same operations and effects as the information processing system 1 of the first embodiment.
Furthermore, in the information processing system 1 of the second embodiment, the number C of storage devices 12 in the device group (in this example, the candidate node group) is set to a larger number the more easily the password used for user authentication can be guessed.
In addition, the information processing system 1 randomly selects N storage devices 12 from the C storage devices 12 in the selected device group (in this example, the candidate node group) and stores the N generated pieces of distributed data in the N selected storage devices 12, one in each. Furthermore, the information processing system 1 requests distributed data from each of the C storage devices 12 in the device group (in this example, the candidate node group). For each combination of N pieces of provided data chosen from the C pieces of provided data provided in response to those requests, the information processing system 1 then restores the secret data, according to the secret sharing scheme, from the N pieces of provided data in that combination.
Thus the number C of storage devices 12 in the device group (in this example, the candidate node group) is set to a larger number the more easily the password used for user authentication can be guessed. Consequently, the more easily that password can be guessed, the more likely restoration of the secret data is to fail, and the longer the time needed to identify where the distributed data used to restore the secret data is stored tends to be. This gives the user an incentive to set a password that is hard to guess as the password used for user authentication. It also increases, when the password used for user authentication is easy to guess, the processing load that a user intending to obtain the secret data illicitly must bear to identify where the distributed data used to restore it is stored, which helps prevent the secret data from being obtained illicitly.
<Third Embodiment>
Next, the information processing system of the third embodiment is described. The information processing system of the third embodiment differs from that of the first embodiment in that provision of provided data to a user node is prohibited when a predetermined condition is satisfied. The description below focuses on the differences. In the description of the third embodiment, elements given the same reference signs as in the first embodiment are the same or substantially the same.
In this example, the user node 100 sends the second distributed data provision request as communication in which the sender is disclosed. The second distributed data provision request may be sent as non-anonymous communication, for example using the technique called TLS (Transport Layer Security).
In this example, the second data ID contained in the second distributed data storage request sent by the distributed data storage request transmission unit 106 includes a one-time ID and generation time point information representing a list generation time point. The generation time point information represents the list generation time point associated with the storage node list used to determine the node group for the second distributed data group. The second data ID may include a user ID instead of the one-time ID, or may include the input information instead of the one-time ID.
In this example, the generation time point information constitutes time point identification information that identifies a time point.
The distributed data storage request transmission unit 106 generates the one-time ID based on the user ID and password contained in the input information associated with the user data storage request on which the second distributed data storage request is based, and on the generation time point information representing the list generation time point associated with the storage node list used to determine the node group for the second distributed data group. In this example, the one-time ID constitutes generated information generated based on the input information.
Specifically, the distributed data storage request transmission unit 106 uses as the one-time ID the hash value, under a predetermined hash function, of the generation time point information representing the list generation time point appended to the input information. The hash function is, for example, one of the hash functions called MD5, SHA-0, SHA-1, SHA-2 or SHA-3.
Likewise, the second data ID contained in the second distributed data provision request sent by the provided data acquisition unit 108 also includes a one-time ID and generation time point information representing a list generation time point. The generation time point information represents the list generation time point associated with the storage node list used to determine the node group for the second distributed data group. Like the distributed data storage request transmission unit 106, the provided data acquisition unit 108 generates the one-time ID based on the user ID and password contained in the input information associated with the user data restoration request on which the second distributed data provision request is based, and on the generation time point information representing the list generation time point associated with the storage node list used to determine the node group for the second distributed data group.
 具体的には、提供データ取得部108は、分散データ保存要求送信部106と同様に、当該リスト生成時点を表す生成時点情報を当該入力情報に付加した情報の、上記ハッシュ関数に対するハッシュ値を当該ワンタイムIDとして用いる。 Specifically, the provided data acquisition unit 108, like the distributed data storage request transmission unit 106, obtains the hash value for the hash function of the information obtained by adding the generation time information indicating the list generation time to the input information. Used as a one-time ID.
As shown in FIG. 9, the functions of the storage node 200 include, in addition to the functions of the storage node 200 of the first embodiment, a non-holding notification processing unit 209, a non-holding notification storage unit 210, a reject node list generation unit 211, and a reject node list storage unit 212. In this example, the provision request processing unit 203 and the reject node list generation unit 211 constitute prohibition means.
When a second distributed data provision request is received and the distributed data associated with the second data ID included in that request is not held in the distributed data storage unit 202, the non-holding notification processing unit 209 transmits a non-holding notification to each of the other storage nodes 200 and stores the non-holding notification in the non-holding notification storage unit 210 in association with the time at which it was transmitted.
The non-holding notification includes source identification information identifying the information processing device 10 that is the source of the second distributed data provision request, the one-time ID and generation time information included in the second data ID of that request, and transmission time information representing the time at which the non-holding notification was transmitted. In this example, the source identification information is an IP address. The non-holding notification may include, instead of the one-time ID, the hash value of the one-time ID under a predetermined hash function. The non-holding notification may also include the electronic signature of the information processing device 10-p that transmits it.
When the information processing device 10-p operates as a storage node 200, the non-holding notification processing unit 209 receives the non-holding notifications transmitted by other information processing devices 10-q and stores each received non-holding notification in the non-holding notification storage unit 210 in association with the time at which it was received. The non-holding notification storage unit 210 thus holds each non-holding notification in association with the time of its receipt.
The non-holding notifications held in the non-holding notification storage unit 210 of a storage node 200 may be shared with at least one other storage node 200. Sharing of non-holding notifications may be realized using the technique known as a blockchain. When non-holding notifications are shared by a plurality of storage nodes 200, the destinations of the non-holding notifications transmitted by the non-holding notification processing unit 209 may be selected from among the plurality of storage nodes 200 that share them.
When the information processing device 10-p operates as a storage node 200, the reject node list generation unit 211 generates a reject node list based on the non-holding notifications held in the non-holding notification storage unit 210 each time a predetermined generation cycle elapses, and stores the generated reject node list in the reject node list storage unit 212. The reject node list storage unit 212 thus holds the reject node list.
The reject node list is information representing those of the P information processing devices 10-1, ..., 10-P to which provision of provided data by the storage nodes 200 in response to a second distributed data provision request is prohibited. In this example, the reject node list includes the IP addresses of the information processing devices 10 to which provision of the provided data is prohibited.
In this example, the reject node list is generated as follows.
The reject node list generation unit 211 obtains, for each piece of source identification information, the number of non-holding notifications held in the non-holding notification storage unit 210 whose generation time information is common, whose one-time IDs differ, and whose transmission time information represents a time within a predetermined determination period. In this example, the determination period is the period from the current time back to a time a predetermined determination time earlier.
The reject node list generation unit 211 generates a reject node list including each piece of source identification information for which the obtained number of non-holding notifications is equal to or greater than a predetermined threshold number. The reject node list is generated in this way.
The reject node list held in the reject node list storage unit 212 of a storage node 200 may be shared with at least one other storage node 200. Sharing of the reject node list may be realized using the technique known as a blockchain.
When a second distributed data provision request is received, the provision request processing unit 203 determines whether the source identification information identifying the user node 100 that is the source of the request is included in the reject node list obtained by the reject node list request processing unit 213.
When the source identification information identifying the user node 100 that is the source of the second distributed data provision request is included in the reject node list, the provision request processing unit 203 transmits dummy data to that user node 100. Transmitting dummy data is one example of prohibiting provision of distributed data. In this case, the provision request processing unit 203 may instead transmit no data at all to the user node 100 that is the source of the request.
When the source identification information identifying the user node 100 that is the source of the second distributed data provision request is not included in the reject node list, the provision request processing unit 203 transmits the distributed data held in the distributed data storage unit 202 in association with the second data ID included in the request to the user node 100 that is the source of the request.
The provision request processing unit 203 may also prohibit provision of distributed data based on the reject node list when a first distributed data provision request is received, in the same way as when a second distributed data provision request is received.
Next, the operation of the information processing system 1 of the third embodiment will be described.
The storage node 10-w executes the processing represented by the flowchart of FIG. 10 as follows. w represents each integer from 2 to P.
The storage node 10-w waits until it receives a second distributed data provision request from the user node 10-1 (the "No" route of step S303 in FIG. 10).
Thereafter, when a second distributed data provision request is received from the user node 10-1, the storage node 10-w determines "Yes" and determines whether the source node exists in the held reject node list (step S304 in FIG. 10). The source node is the source of the second distributed data provision request. In this example, the source node is the user node 10-1.
If the source node exists in the reject node list, the storage node 10-w determines "Yes" and ends the processing of FIG. 10 without transmitting either the distributed data or a non-holding notification.
If the source node does not exist in the reject node list, the storage node 10-w determines "No" and determines whether the distributed data associated with the second data ID included in the second distributed data provision request received in step S303 of FIG. 10 is held in the storage device 12 (step S305 in FIG. 10).
If the distributed data associated with the second data ID included in the second distributed data provision request is held in the storage device 12, the storage node 10-w determines "Yes" and transmits that distributed data, as provided data, to the user node 10-1 that is the source of the second distributed data provision request (step S306 in FIG. 10). The storage node 10-w then ends the processing of FIG. 10.
On the other hand, if the distributed data associated with the second data ID included in the second distributed data provision request is not held in the storage device 12, the storage node 10-w determines "No" and transmits a non-holding notification to each of the other storage nodes 200 (step S307 in FIG. 10).
The non-holding notification includes source identification information identifying the user node 10-1 that is the source of the second distributed data provision request, the one-time ID and generation time information included in the second data ID of that request, and transmission time information representing the current time as the time at which the non-holding notification was transmitted.
The storage node 10-w then ends the processing of FIG. 10.
As described above, the information processing system 1 of the third embodiment can achieve the same operations and effects as the information processing system 1 of the first embodiment.
Furthermore, in the information processing system 1 of the third embodiment, a request for the distributed data generated from the metadata is made by the user node 100 transmitting to the storage node 200 a second distributed data provision request that includes a one-time ID and generation time information.
In addition, when a number of second distributed data provision requests equal to or greater than a predetermined threshold number, having common generation time information but differing one-time IDs, are transmitted from a user node 100 within a predetermined determination time, the information processing system 1 prohibits provision of the provided data in response to the requests from that user node 100.
When the user who requested storage of secret data requests restoration of that secret data, it is rare for a plurality of second distributed data provision requests with common generation time information but differing one-time IDs to be transmitted. Therefore, when a large number of second distributed data provision requests with common generation time information but differing one-time IDs are transmitted, there is a high probability that a user other than the one who requested storage of the secret data is attempting to obtain the secret data illegitimately.
Accordingly, as described above, when a number of second distributed data provision requests equal to or greater than a predetermined threshold number, having common generation time information but differing one-time IDs, are transmitted within a predetermined determination time, the information processing system 1 prohibits provision of the provided data in response to requests from that user node 100. This makes it possible to suppress illegitimate acquisition of the secret data.
Each storage node 200 may use only the reject node list it generated itself, without using reject node lists generated by other storage nodes 200. This makes it possible to appropriately suppress denial-of-service (DoS) attacks carried out by means of a fraudulent reject node list. DoS is an abbreviation of Denial of Service.
The reject node list generation unit 211 may also restrict the source identification information included in the reject node list to that source identification information, among the source identification information for which the obtained number of non-holding notifications is equal to or greater than a predetermined threshold notification number, for which the number of storage nodes 200 that transmitted the non-holding notifications is equal to or greater than a predetermined threshold node number (for example, a majority of the total number of storage nodes 200). This makes it possible to appropriately suppress DoS attacks carried out by means of a fraudulent reject node list.
The reject node list generation unit 211 may also restrict the source identification information included in the reject node list to that source identification information, among the source identification information for which the obtained number of non-holding notifications is equal to or greater than the predetermined threshold notification number, for which unauthorized access to the own node has been detected. This makes it possible to appropriately suppress DoS attacks carried out by means of a fraudulent reject node list.
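The one-time ID construction of unit 106/108, the reject node list generation of unit 211 (including the threshold-node-number refinement above) and the S304 to S307 decision of FIG. 10, as an added Python example that is not code from the patent; the ':'-separated hash input, SHA-256 as the predetermined hash function, the `notifying_node` field and all sample notifications are assumptions constructed for the example.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable

# SHA-256 is one member of the SHA-2 family the description permits (assumption: which one).
HASH = hashlib.sha256


def one_time_id(user_id: str, password: str, list_generated_at: int) -> str:
    """One-time ID = H(input information with the list generation time appended).
    The ':'-separated encoding is an assumption; the description only says the
    generation time information is appended to the input information."""
    material = f"{user_id}:{password}:{list_generated_at}".encode()
    return HASH(material).hexdigest()


@dataclass(frozen=True)
class NonHoldingNotification:
    """Fields of the non-holding notification sent by unit 209."""
    source: str          # source identification information (IP address of the requester)
    one_time_id: str     # one-time ID taken from the second data ID of the request
    generated_at: int    # generation time information (list generation time)
    sent_at: int         # transmission time information
    notifying_node: str  # storage node that issued it (assumed field, used for the
                         # threshold-node-number refinement)


def build_reject_list(notifications: Iterable[NonHoldingNotification], now: int,
                      determination_time: int, threshold: int,
                      threshold_nodes: int = 1) -> set:
    """Reject node list generation of unit 211.
    Per source, count notifications inside the determination period that share
    generation time information but carry different one-time IDs (distinct IDs are
    counted, so several nodes reporting the same request count once). A source whose
    count reaches `threshold` is listed; `threshold_nodes` additionally requires the
    notifications to come from at least that many distinct storage nodes."""
    ids_by_source = defaultdict(lambda: defaultdict(set))  # source -> gen time -> IDs
    nodes_by_source = defaultdict(set)
    for n in notifications:
        if now - determination_time <= n.sent_at <= now:
            ids_by_source[n.source][n.generated_at].add(n.one_time_id)
            nodes_by_source[n.source].add(n.notifying_node)
    rejected = set()
    for source, by_time in ids_by_source.items():
        distinct_ids = max(len(ids) for ids in by_time.values())
        if distinct_ids >= threshold and len(nodes_by_source[source]) >= threshold_nodes:
            rejected.add(source)
    return rejected


def handle_provision_request(source: str, data_id: tuple, held: dict,
                             reject_list: set) -> str:
    """Steps S304 to S307 of FIG. 10 at one storage node: 'dummy' for a listed source
    (nothing real is sent), 'provide' when the share is held, 'notify' when it is
    missing and a non-holding notification would be sent."""
    if source in reject_list:
        return "dummy"
    return "provide" if data_id in held else "notify"


def constructed_notifications() -> list:
    """Constructed sample log. 10.0.0.5 retried once with a stale list; 10.0.0.9
    presented six different one-time IDs for the same generation time; 10.0.0.7 did
    the same but long before the determination period."""
    gen = 1_700_000_000
    nodes = ("node-2", "node-3", "node-4")
    notes = []
    stale = one_time_id("alice", "pw-alice", gen - 3600)
    notes += [NonHoldingNotification("10.0.0.5", stale, gen - 3600, gen + 100, nd) for nd in nodes]
    for i in range(6):
        oid = one_time_id("alice", f"wrong-{i}", gen)
        notes += [NonHoldingNotification("10.0.0.9", oid, gen, gen + 200 + i, nd) for nd in nodes]
    for i in range(6):
        oid = one_time_id("bob", f"wrong-{i}", gen)
        notes.append(NonHoldingNotification("10.0.0.7", oid, gen, gen - 10_000, "node-2"))
    return notes


if __name__ == "__main__":
    reject = build_reject_list(constructed_notifications(), now=1_700_000_300,
                               determination_time=600, threshold=5, threshold_nodes=2)
    print(sorted(reject))  # ['10.0.0.9']
```

With a much longer determination period 10.0.0.7 also reaches the count threshold, but it was reported by a single storage node, so the threshold-node-number refinement keeps it off the list.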
<First Modification of Third Embodiment>
Next, the information processing system of the first modification of the third embodiment will be described. The information processing system of the first modification of the third embodiment differs from the information processing system of the third embodiment in the information used as the one-time ID. The following description focuses on the differences. In the description of the first modification of the third embodiment, elements denoted by the same reference numerals as those used in the third embodiment are the same or substantially the same.
In this example, the one-time ID included in the second data ID is, as in the fourth modification of the first embodiment, information that differs for each of the N storage nodes 200 included in the node group for the second distributed data group. In this example, the one-time ID constitutes generation information generated based on the input information.
In this example, the one-time ID for the n-th storage node 200 among the N storage nodes 200 included in the node group for the second distributed data group is the hash value, under a predetermined hash function, of the information obtained by appending the node ID identifying the r-th storage node 200 among those N storage nodes 200 to the user ID included in the input information. r represents n+1 when n represents each integer from 1 to N-1, and represents 1 when n represents N. For example, the hash function is one of the hash functions known as MD5, SHA-0, SHA-1, SHA-2, or SHA-3.
As described above, the information processing system 1 of the first modification of the third embodiment can achieve the same operations and effects as the information processing system 1 of the third embodiment.
Furthermore, the information processing system 1 of the first modification of the third embodiment generates, as identification information for the N storage devices 12 included in the selected device group, information that differs for each storage device 12.
This reduces the probability that the distributed data used to restore the secret data is identified on the basis of the identification information.
The one-time ID for the n-th storage node 200 among the N storage nodes 200 may be the remainder obtained by dividing, by a first parameter, the hash value, under the above hash function, of the information obtained by appending the node ID identifying the r-th storage node 200 among the N storage nodes 200 to the user ID included in the input information. The first parameter is a positive integer. In this example, the first parameter is predetermined in the information processing system 1. This reduces the probability that the information from which the one-time ID was generated is identified.
The first parameter may also vary. In that case, the first parameter may be set so as to increase as the number of node IDs included in the storage node list increases. In that case, for example, a first parameter function defining the relationship between the number of node IDs included in the storage node list and the first parameter is predetermined in the information processing system 1.
<Second Modification of Third Embodiment>
Next, the information processing system of the second modification of the third embodiment will be described. The information processing system of the second modification of the third embodiment differs from the information processing system of the first modification of the third embodiment in that the second data ID includes a hash value of the generation time information instead of the generation time information itself. The following description focuses on the differences. In the description of the second modification of the third embodiment, elements denoted by the same reference numerals as those used in the first modification of the third embodiment are the same or substantially the same.
In this example, the second data ID includes generation time identification information instead of generation time information. In this example, the generation time identification information is the hash value of the generation time information under a predetermined hash function. In this example, the generation time identification information constitutes time identification information identifying a time. For example, the hash function is one of the hash functions known as MD5, SHA-0, SHA-1, SHA-2, or SHA-3.
As described above, the information processing system 1 of the second modification of the third embodiment can achieve the same operations and effects as the information processing system 1 of the first modification of the third embodiment.
Furthermore, the information processing system 1 of the second modification of the third embodiment reduces the probability that the list generation time is identified.
The generation time identification information may be the remainder obtained by dividing the hash value of the generation time information under the above hash function by a second parameter. The second parameter is a positive integer. In this example, the second parameter is predetermined in the information processing system 1. This reduces the probability that the list generation time is identified.
The second parameter may also vary. In that case, the second parameter may be set so as to increase as the number of storage node list candidates from which the storage node list is selected, the number of storage node list candidates generated in a predetermined period, or the number of information processing devices 10 operating as storage nodes 200 increases. In that case, for example, a second parameter function defining the relationship between the second parameter and the number of storage node list candidates from which the storage node list is selected, the number of storage node list candidates generated in a predetermined period, or the number of information processing devices 10 operating as storage nodes 200 is predetermined in the information processing system 1.
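The per-node one-time ID of the first modification (node r = n+1, wrapping to 1, optionally reduced modulo the first parameter) together with the generation time identification information of the second modification (hash of the generation time, optionally reduced modulo the second parameter), as one added Python example that is not code from the patent; SHA-256 as the hash function, the ':' separator, and the `first_parameter_for` growth function are assumptions.

```python
import hashlib
from typing import Optional

# SHA-256 stands in for the predetermined hash function (assumption; SHA-2 is permitted).
HASH = hashlib.sha256


def per_node_one_time_ids(user_id: str, node_ids: list,
                          first_parameter: Optional[int] = None) -> list:
    """One-time ID for each of the N storage nodes of the selected node group.
    Node n (1-based) gets H(user ID with the node ID of node r appended), r = n+1 for
    n < N and r = 1 for n = N, so every node sees a different value. With
    `first_parameter` the hash is reduced modulo it (the first-parameter variant).
    The ':' separator is an assumption."""
    n_nodes = len(node_ids)
    ids = []
    for n in range(1, n_nodes + 1):
        r = n + 1 if n < n_nodes else 1
        digest = HASH(f"{user_id}:{node_ids[r - 1]}".encode()).digest()
        if first_parameter is None:
            ids.append(digest.hex())
        else:
            ids.append(int.from_bytes(digest, "big") % first_parameter)
    return ids


def first_parameter_for(list_size: int) -> int:
    """Assumed first parameter function: the description only requires the modulus
    to grow with the number of node IDs in the storage node list; this power-of-two
    choice is a constructed example of such a function."""
    return 2 ** (16 + list_size.bit_length())


def generation_time_identification(list_generated_at: int,
                                   second_parameter: Optional[int] = None):
    """Generation time identification information: H(generation time information),
    optionally reduced modulo the second parameter."""
    digest = HASH(str(list_generated_at).encode()).digest()
    if second_parameter is None:
        return digest.hex()
    return int.from_bytes(digest, "big") % second_parameter


def second_data_ids(user_id: str, node_ids: list, list_generated_at: int,
                    first_parameter: Optional[int] = None,
                    second_parameter: Optional[int] = None) -> list:
    """Second data ID sent to each node of the group:
    (per-node one-time ID, generation time identification information)."""
    gen_id = generation_time_identification(list_generated_at, second_parameter)
    return [(oid, gen_id) for oid in per_node_one_time_ids(user_id, node_ids, first_parameter)]


if __name__ == "__main__":
    nodes = ["node-a", "node-b", "node-c"]  # constructed node IDs
    for node, (oid, gen_id) in zip(nodes, second_data_ids("alice", nodes, 1_700_000_000,
                                                           first_parameter_for(len(nodes)), 1000)):
        print(node, oid, gen_id)
```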
In each of the embodiments described above, the technique of changing the storage destination of the distributed data in accordance with changes in the time at which data is stored is applied to the metadata. The technique may, however, also be applied to data other than metadata (for example, user data).
In each of the embodiments described above, the information processing system 1 communicates according to a P2P scheme. The information processing system 1 may, however, communicate according to a scheme other than P2P (for example, a client-server scheme).
The present invention is not limited to the embodiments described above. For example, various modifications that a person skilled in the art could understand may be made to the embodiments described above without departing from the spirit of the present invention. For example, any combination of the embodiments and modifications described above may be adopted as a further modification of the embodiments described above without departing from the spirit of the present invention.
DESCRIPTION OF SYMBOLS
1   Information processing system
10  Information processing device
11  Processing device
12  Storage device
13  Communication device
14  Input device
15  Output device
100 User node
101 User authentication reception unit
102 User data storage request reception unit
103 Storage node list acquisition unit
104 Node group determination unit
105 Distributed data generation unit
106 Distributed data storage request transmitting unit
107 User data restoration request reception unit
108 Provided data acquisition unit
109 Secret data restoration unit
200 Storage node
201 Storage request processing unit
202 Distributed data storage unit
203 Provision request processing unit
204 Operation notification processing unit
205 Operation notification storage unit
206 Storage node list generation unit
207 Storage node list storage unit
208 Storage node list request processing unit
209 Non-holding notification processing unit
210 Non-holding notification storage unit
211 Reject node list generation unit
212 Reject node list storage unit
BU  Bus
NW  Communication network

Claims (13)

  1.  An information processing system comprising M (M represents an integer of 2 or more) storage devices, the information processing system comprising:
     generation means for generating, from secret data, N (N represents an integer of 2 or more and M or less) pieces of distributed data according to a secret sharing scheme;
     storage means for selecting, from among a plurality of different device groups respectively associated with a plurality of different times, one device group associated with a time included in the period between the current time and a time a predetermined time before the current time, each of the plurality of device groups including C (C represents an integer of N or more and M or less) storage devices selected from among the M storage devices, and for storing the generated N pieces of distributed data respectively in N storage devices included in the selected device group; and
     restoration means for executing restoration processing on one device group of the plurality of device groups, the restoration processing including requesting the distributed data from each of at least some of the N storage devices included in that device group and restoring the secret data according to the secret sharing scheme from the provided data supplied in response to the request, and, when the restoration fails, for executing the restoration processing on a device group, among the plurality of device groups, associated with a time earlier than the time associated with the device group on which the failure occurred.
  2.  The information processing system according to claim 1, wherein
     the storage means receives a storage request in association with input information entered by a user and, when the storage request is received, sets the plurality of device groups based on the input information associated with the storage request, and
     the restoration means receives a restoration request in association with input information entered by a user and, when the restoration request is received, sets the plurality of device groups based on the input information associated with the restoration request.
  3.  The information processing system according to claim 1 or 2, wherein
     the plurality of device groups are set based on a plurality of different pieces of device rank information each associated with a respective one of the plurality of time points, and on a predetermined information-rank relationship between the input information and C different ranks, the device rank information being information representing at least some of the M storage devices and the rank assigned to each of those storage devices.
  4.  The information processing system according to claim 1 or 2, wherein
     the plurality of device groups are set based on device rank information representing at least some of the M storage devices and the rank assigned to each of those storage devices, and on a plurality of different information-rank relationships each associated with a respective one of the plurality of time points, the information-rank relationship being a predetermined relationship between the input information and C different ranks.
  5.  The information processing system according to any one of claims 1 to 4, wherein
     the secret data is data including information representing a plurality of storage devices in each of which is stored one of a plurality of pieces of shared data generated, according to a secret sharing method, from other secret data different from the secret data.
  6.  The information processing system according to any one of claims 1 to 5, wherein
     the restoration means receives period information entered by a user and representing a period, and limits the device groups on which the restoration process is executed to those device groups, among the plurality of device groups, that are associated with time points included in the period represented by the received period information.
  7.  The information processing system according to any one of claims 1 to 6, wherein
     the storage means generates identification information based on the time point associated with the selected device group, and stores each of the N pieces of shared data in association with the generated identification information.
  8.  The information processing system according to claim 7, wherein
     the storage means generates, as the identification information for the N storage devices included in the selected device group, information that differs for each storage device.
  9.  The information processing system according to any one of claims 1 to 8, wherein
     the number C of storage devices included in each device group is set to a larger number the more easily the password used for user authentication can be identified,
     the storage means randomly selects N storage devices from the C storage devices included in the selected device group and stores the generated N pieces of shared data respectively in the selected N storage devices, and
     the restoration process includes requesting the shared data from each of the C storage devices included in the device group and, for each combination of N pieces of provided data selected from the C pieces of provided data supplied in response to the requests, restoring the secret data according to the secret sharing method from the N pieces of provided data constituting that combination.
  10.  The information processing system according to any one of claims 1 to 9, wherein
     the request for the shared data to a storage device is made by an information processing device transmitting to the storage device a provision request including time-point identification information that identifies a time point, and either input information entered by a user or generated information generated based on the input information, and
     the system comprises prohibiting means for prohibiting provision of the provided data in response to requests from the information processing device when provision requests whose time-point identification information is common but whose input information or generated information differs are transmitted from the information processing device, within a predetermined determination time, in a number equal to or greater than a predetermined threshold.
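The prohibiting means of claim 10, modelled on the storage-device side as an added Python example (not code from the patent): the threshold, the determination window, the digesting of the input or generated information and the client names are all assumptions, and `now` is passed in explicitly rather than read from the clock so the behaviour is deterministic. The point the claim's two conditions capture is shown in the constructed traffic of `demo()`: a legitimate restoration that walks back over time points repeats the same information under different time-point identifiers and is never refused, whereas a requester cycling through candidate values under one identifier is cut off once the threshold is reached.

```python
# Added example modelling the prohibiting means of claim 10; not code from the patent.
# Threshold, determination window and the digesting of the input/generated information
# are assumptions; `now` is supplied by the caller so the behaviour is deterministic.
import hashlib
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple


class ProvisionGuard:
    """Storage-device-side check applied to every provision request.

    Requests are bucketed by (requester, time-point identifier). Only DISTINCT
    input/generated values inside the window are counted, so a client retrying the
    same value, or stepping back over time points with one value, is never affected.
    Once `threshold` distinct values arrive in one bucket within `window_seconds`,
    that requester is refused any further provided data.
    """

    def __init__(self, threshold: int = 5, window_seconds: float = 60.0) -> None:
        self.threshold = threshold
        self.window = window_seconds
        self._seen: Dict[Tuple[str, int], Deque[Tuple[float, str]]] = defaultdict(deque)
        self.blocked: Set[str] = set()

    def allow(self, requester: str, time_id: int, info: str, now: float) -> bool:
        """True if the provided data may be returned for this provision request."""
        if requester in self.blocked:
            return False
        digest = hashlib.sha256(info.encode()).hexdigest()   # never retain the raw value
        q = self._seen[(requester, time_id)]
        q.append((now, digest))
        while q and now - q[0][0] > self.window:              # drop requests outside the window
            q.popleft()
        if len({d for _, d in q}) >= self.threshold:          # repeats of one value count once
            self.blocked.add(requester)
            return False
        return True


def demo() -> List[bool]:
    """Constructed traffic: a legitimate multi-time-point restore, then a guessing requester."""
    guard = ProvisionGuard(threshold=4, window_seconds=60.0)
    legit = [guard.allow("client-A", t, "info-alice", now=10.0 + i)
             for i, t in enumerate((103, 102, 101, 100))]           # same info, four time points
    guesses = [guard.allow("client-B", 103, f"candidate-{i}", now=10.0 + i)
               for i in range(4)]                                   # four values, one time point
    later = guard.allow("client-B", 102, "info-alice", now=20.0)    # prohibited from here on
    return legit + guesses + [later]


if __name__ == "__main__":
    print(demo())  # legitimate requests True, guessing cut off at the threshold
```

A deployment would also need to decide how a prohibited requester is released (operator reset or a cooling-off period); the claim only specifies the condition that triggers the prohibition, so the example leaves the requester blocked.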
  11.  An information processing device communicably connected to M (M represents an integer of 2 or more) storage devices, the device comprising:
     generating means for generating, from secret data, N (N represents an integer of 2 or more and M or less) pieces of shared data according to a secret sharing method;
     storage means for selecting, from among a plurality of different device groups each associated with a respective one of a plurality of different time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C (C represents an integer of N or more and M or less) storage devices selected from the M storage devices, and for storing the generated N pieces of shared data respectively in N storage devices included in the selected device group; and
     restoration means for executing a restoration process on one device group of the plurality of device groups, the restoration process including requesting the shared data from each of at least some of the N storage devices included in the device group and restoring the secret data, according to the secret sharing method, from the provided data supplied in response to the requests, and, when the restoration fails, for executing the restoration process on a device group, among the plurality of device groups, that is associated with a time point earlier than the time point associated with the device group on which the failure occurred.
  12.  An information processing method using M (M represents an integer of 2 or more) storage devices, the method comprising:
     generating, from secret data, N (N represents an integer of 2 or more and M or less) pieces of shared data according to a secret sharing method;
     selecting, from among a plurality of different device groups each associated with a respective one of a plurality of different time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C (C represents an integer of N or more and M or less) storage devices selected from the M storage devices, and storing the generated N pieces of shared data respectively in N storage devices included in the selected device group; and
     executing a restoration process on one device group of the plurality of device groups, the restoration process including requesting the shared data from each of at least some of the N storage devices included in the device group and restoring the secret data, according to the secret sharing method, from the provided data supplied in response to the requests, and, when the restoration fails, executing the restoration process on a device group, among the plurality of device groups, that is associated with a time point earlier than the time point associated with the device group on which the failure occurred.
  13.  A program for causing an information processing device communicably connected to M (M represents an integer of 2 or more) storage devices to execute processing comprising:
     generating, from secret data, N (N represents an integer of 2 or more and M or less) pieces of shared data according to a secret sharing method;
     selecting, from among a plurality of different device groups each associated with a respective one of a plurality of different time points, one device group associated with a time point included in the period between the current time point and a time point a predetermined time before the current time point, each of the plurality of device groups including C (C represents an integer of N or more and M or less) storage devices selected from the M storage devices, and storing the generated N pieces of shared data respectively in N storage devices included in the selected device group; and
     executing a restoration process on one device group of the plurality of device groups, the restoration process including requesting the shared data from each of at least some of the N storage devices included in the device group and restoring the secret data, according to the secret sharing method, from the provided data supplied in response to the requests, and, when the restoration fails, executing the restoration process on a device group, among the plurality of device groups, that is associated with a time point earlier than the time point associated with the device group on which the failure occurred.
PCT/JP2016/080351 2015-10-16 2016-10-13 Information processing system, information processing device, information processing method, and program WO2017065209A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2017545453A JP6567683B2 (en) 2015-10-16 2016-10-13 Information processing system, information processing apparatus, information processing method, and program
EP16855462.4A EP3364328A1 (en) 2015-10-16 2016-10-13 Information processing system, information processing device, information processing method, and program
US15/954,011 US10574455B2 (en) 2015-10-16 2018-04-16 Information processing system, information processing apparatus, method for information processing, and non-transitory computer-readable recording medium having stored therein information processing program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-204607 2015-10-16
JP2015204607 2015-10-16

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/954,011 Continuation US10574455B2 (en) 2015-10-16 2018-04-16 Information processing system, information processing apparatus, method for information processing, and non-transitory computer-readable recording medium having stored therein information processing program

Publications (1)

Publication Number Publication Date
WO2017065209A1 true WO2017065209A1 (en) 2017-04-20

Family

ID=58518303

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/080351 WO2017065209A1 (en) 2015-10-16 2016-10-13 Information processing system, information processing device, information processing method, and program

Country Status (4)

Country Link
US (1) US10574455B2 (en)
EP (1) EP3364328A1 (en)
JP (1) JP6567683B2 (en)
WO (1) WO2017065209A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019153842A (en) * 2018-02-28 2019-09-12 リアル・テクノロジー株式会社 Validity management system, validity management method, and program
CN110764690A (en) * 2018-07-28 2020-02-07 阿里巴巴集团控股有限公司 Distributed storage system and leader node election method and device thereof
CN111406396A (en) * 2017-11-27 2020-07-10 区块链控股有限公司 Computer-implemented systems and methods for data propagation and communication in a network, such as a blockchain network
JPWO2021014611A1 (en) * 2019-07-24 2021-01-28
JP2022528578A (en) * 2019-05-22 2022-06-14 ミョータ インコーポレイテッド Methods and systems for distributed data storage with enhanced security, resilience, and control

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
GB201720389D0 (en) * 2017-12-07 2018-01-24 Nchain Holdings Ltd Computer-implemented system and method
EP3654578B1 (en) 2018-11-16 2022-04-06 SafeTech BV Methods and systems for cryptographic private key management for secure multiparty storage and transfer of information
WO2021014081A1 (en) * 2019-07-19 2021-01-28 Edgewhere Method for secure data storage and system for implementing said method
FR3098950B3 (en) * 2019-07-19 2021-07-30 Edgewhere "Method for secure data storage and system for implementing the method"
KR20220144810A (en) * 2020-02-26 2022-10-27 티제로 아이피, 엘엘씨 Secret partitioning and metadata storage
CN112966312A (en) * 2021-03-02 2021-06-15 中国银联股份有限公司 Data storage method, device, equipment and storage medium
CN114331430B (en) * 2021-12-24 2023-03-31 杭州钛度科技有限公司 Block chain consensus method, apparatus, device and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5625692A (en) * 1995-01-23 1997-04-29 International Business Machines Corporation Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing
JP2004147218A (en) * 2002-10-25 2004-05-20 Ntt Communications Kk Data division management method and program
JP2005167794A (en) * 2003-12-04 2005-06-23 Nippon Telegr & Teleph Corp <Ntt> Secret information storage method and apparatus, secret information restoration method and program, secret information storage program, and secret information restoration program
JP2007073004A (en) * 2005-09-09 2007-03-22 Canon Inc Data maintenance information apparatus, dispersion storage system, and its method
US7577689B1 (en) * 2005-06-15 2009-08-18 Adobe Systems Incorporated Method and system to archive data

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8495292B2 (en) * 2006-12-06 2013-07-23 Fusion-Io, Inc. Apparatus, system, and method for an in-server storage area network
WO2008114441A1 (en) * 2007-03-20 2008-09-25 Fujitsu Limited Storage managing program, storage managing method, and storage managing device
US8341425B2 (en) * 2009-05-25 2012-12-25 Hitachi, Ltd. Storage device and its control method
JP5556816B2 (en) * 2009-09-01 2014-07-23 日本電気株式会社 Distributed storage system, distributed storage method, distributed storage program and storage node
US9811662B2 (en) * 2010-05-03 2017-11-07 Panzura, Inc. Performing anti-virus checks for a distributed filesystem
US9811532B2 (en) * 2010-05-03 2017-11-07 Panzura, Inc. Executing a cloud command for a distributed filesystem
JP4875781B1 (en) 2011-07-08 2012-02-15 株式会社野村総合研究所 Distributed data storage system
US9804928B2 (en) * 2011-11-14 2017-10-31 Panzura, Inc. Restoring an archived file in a distributed filesystem
US9805054B2 (en) * 2011-11-14 2017-10-31 Panzura, Inc. Managing a global namespace for a distributed filesystem
US20150003809A1 (en) * 2012-02-01 2015-01-01 Masayuki Matsuda Content receiving device, content receiving method and digital broadcast transmitting and receiving system
US9730085B2 (en) * 2014-06-30 2017-08-08 At&T Intellectual Property I, L.P. Method and apparatus for managing wireless probe devices
US9794341B2 (en) * 2014-06-30 2017-10-17 Sandisk Technologies Llc Data storage verification in distributed storage system
US9923970B2 (en) * 2014-08-22 2018-03-20 Nexenta Systems, Inc. Multicast collaborative erasure encoding and distributed parity protection

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5625692A (en) * 1995-01-23 1997-04-29 International Business Machines Corporation Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing
JP2004147218A (en) * 2002-10-25 2004-05-20 Ntt Communications Kk Data division management method and program
JP2005167794A (en) * 2003-12-04 2005-06-23 Nippon Telegr & Teleph Corp <Ntt> Secret information storage method and apparatus, secret information restoration method and program, secret information storage program, and secret information restoration program
US7577689B1 (en) * 2005-06-15 2009-08-18 Adobe Systems Incorporated Method and system to archive data
JP2007073004A (en) * 2005-09-09 2007-03-22 Canon Inc Data maintenance information apparatus, dispersion storage system, and its method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GANGER, G. R. ET AL.: "Survivable Storage Systems", PROCEEDINGS OF THE DARPA INFORMATION SURVIVABILITY CONFERENCE & EXPOSITION II, vol. II, June 2001 (2001-06-01), pages 184 - 195, XP010548746 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111406396A (en) * 2017-11-27 2020-07-10 区块链控股有限公司 Computer-implemented systems and methods for data propagation and communication in a network, such as a blockchain network
JP2021504783A (en) * 2017-11-27 2021-02-15 エヌチェーン ホールディングス リミテッドNchain Holdings Limited Computer-implemented systems and methods for the propagation and communication of data within networks such as blockchain networks.
US11743328B2 (en) 2017-11-27 2023-08-29 Nchain Licensing Ag Computer-implemented system and method for propagation and communication of data in a network such as a blockchain network
JP2019153842A (en) * 2018-02-28 2019-09-12 リアル・テクノロジー株式会社 Validity management system, validity management method, and program
JP7074319B2 (en) 2018-02-28 2022-05-24 リアル・テクノロジー株式会社 Legitimacy management system, legitimacy management method and program
CN110764690A (en) * 2018-07-28 2020-02-07 阿里巴巴集团控股有限公司 Distributed storage system and leader node election method and device thereof
CN110764690B (en) * 2018-07-28 2023-04-14 阿里云计算有限公司 Distributed storage system and leader node election method and device thereof
JP2022528578A (en) * 2019-05-22 2022-06-14 ミョータ インコーポレイテッド Methods and systems for distributed data storage with enhanced security, resilience, and control
JP7173646B2 (en) 2019-05-22 2022-11-16 ミョータ インコーポレイテッド Methods and systems for distributed data storage with enhanced security, resilience and control
JPWO2021014611A1 (en) * 2019-07-24 2021-01-28
WO2021014611A1 (en) * 2019-07-24 2021-01-28 日本電気株式会社 Secret computation server, trail management method, and program
JP7409380B2 (en) 2019-07-24 2024-01-09 日本電気株式会社 Secure calculation server, trail management method and program

Also Published As

Publication number Publication date
JPWO2017065209A1 (en) 2018-08-30
US10574455B2 (en) 2020-02-25
EP3364328A1 (en) 2018-08-22
JP6567683B2 (en) 2019-08-28
US20180234239A1 (en) 2018-08-16


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16855462; Country of ref document: EP; Kind code of ref document: A1)
ENP Entry into the national phase (Ref document number: 2017545453; Country of ref document: JP; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)
WWE Wipo information: entry into national phase (Ref document number: 2016855462; Country of ref document: EP)